What is a multi-organization environment in FortiEDR?
Beginning with 3.0, the FortiEDR system can be set up as a single-organization or multi-organization environment. When set up as a single-organization system, the FortiEDR system and all its operations and infrastructure serve a single tenant, called an organization in the FortiEDR system, and work as described in all the previous chapters of this guide.
Prior to 3.0, the FortiEDR system only supported a single tenant (organization). |
In a multi-organization FortiEDR system, someone with Administrator rights can perform operations and handle data for all organizations in the system. For example, think of a multi-organization environment like a hotel chain, which has a parent company along with hotels in various cities. In this scenario, the ABC Hotel corporate entity represents the main organization, and each ABC Hotel branch location represents a separate, discrete organization. For example, ABC Hotel Los Angeles, ABC Hotel New York, ABC Hotel Boston and so on.
FortiEDR uses organizations to distinguish between tenants in a multi-tenant environment. Each organization uses the same FortiEDR user interface and shares the same FortiEDR database.
Multi-organization and user roles
FortiEDR uses a series of predefined roles to control access to organizational data, as follows:
Role |
Description |
||
---|---|---|---|
Admin |
Highest-level super user that can access all data and perform all operations in the FortiEDR Central Manager console for one specific organization or all organizations, as defined in the user settings. In a FortiEDR multi-organization system, the system comes with one predefined Administrator user. More than one user with the Admin role is permitted.
|
||
Senior Analyst |
Analysts supervisor who can define security policies in addition to all the actions that can be performed by an Analyst. Similar to admin users but without administration privileges. A senior analyst can view all information and perform actions, such as marking security events as handled, changing policies and defining exceptions, but cannot access the Administration tab. |
||
Analyst |
SOC/MDR service analyst who can perform actions as required in the day-to-day activities of handling events. Similar to senior analyst users but without access to security configuration. An analyst can view all information and perform actions, such as marking security events as handled, but cannot access the ADMINISTRATION tab or define/change policies. |
||
IT |
IT staff who can define settings related to the FortiEDR integration with the customer ecosystem. This role has system configuration access only. They can deploy and upgrade system components and perform system integration with external systems using the ADMINISTRATION tab but do not have access to any security configuration, alert monitoring, or Forensics options. |
||
Read-Only |
Basic role with read-only access to all non-administrative functions. |