Organizations

This page includes:

• Organizations
  • About organizations
  • Organization hierarchy
  • Admin user permissions
  • Propagating settings from a parent organization to child organizations
  • Selecting an organization in FortiMail Workspace Security
  • Organization setup - Best practices
  • Organization types
  • Understanding the Organizations page
  • Adding an organization
  • Modifying an existing organization
  • Deleting an organization
  • Moving an organization

About organizations

The Organizations page enables you to manage the organizations in your FortiMail Workspace Security deployment.

To open the Organizations page:

• In FortiMail Workspace Security, in the left navigation menu, select Settings > Organizations.

Any admin user with the "Admin" role can access the Organizations page.

Organization hierarchy

Organizations may be in a structured hierarchy. Typically, there is a single parent organization and a number of child organizations. Organizations can't have more than these 2 levels. That is, a child organization can't be the parent of another child organization.

• Typically, the parent organization is used to manage and monitor the child organizations.

• Scanning should not be performed in parent organizations - scanning should be configured to occur in child organizations only.

Admin user permissions

A person who is an admin in the parent organization will be able to access all the child organizations - even though the admin is not registered in the child organizations. This applies only when the parent is an MSSP-type organization. Admin users in all other organizations-types can access their organization only - and not any child organizations in which they are not registered. An admin user in a child organization can access that specific child organization only.

Propagating settings from a parent organization to child organizations

In most cases, configurations that are set in a parent organization are NOT applied [propagated] to the child organizations. However, when any of the following are configured in a parent organization, the configurations are applied to the child organizations as well:

Configuration	For more information, see...
Allowlists	Propagating allowlists from a parent organization to child organizations
Blocklists	Propagating blocklists from a parent organization to child organizations
Banners	Propagating banners from a parent organization to child organizations
Customization settings	Propagating customization settings to child organizations

When a setting is propagated from a parent organization to a child organization, and the child organization has the same setting - but set to a different value - the setting in the child organization takes precedence.

Selecting an organization in FortiMail Workspace Security

If you are an admin that has access to a parent organization and the associated child organizations, then you'll be able to select which organization to display in FortiMail Workspace Security. Use the drop-down on the left side of the FortiMail Workspace Security banner to select the required organization. All information displayed in FortiMail Workspace Security will relate to the selected organization.

• The number of child organizations in a parent organization is shown inside brackets - on the right of the parent organization name.

• Child organizations are shown slightly indented - with a gray right-arrow []:

If you are an admin in a child organization only, then you won't be able to select an organization in FortiMail Workspace Security - FortiMail Workspace Security will always be associated with your single child organization.

Organization setup - Best practices

• When you give a name to the parent organization, try to include a word similar to "Parent" or "Main" in the organization name. This will make it easier to identify the parent organization. For example, you could give a name such as:

  Acme.com [Parent]

  or

  Acme.com [Main]

• For any organization, only a single type of email service integration [Microsoft 365, Google Workspace, or "other"] can be enabled at any time. Therefore, for example, you can't include a Google Workspace integration and a Microsoft 365 integration in the same organization.

  In addition, for incoming Microsoft 365 email integrations, either Inline or API can be configured - not both of them simultaneously.

  Hint: In all of the above scenarios, create additional organizations in FortiMail Workspace Security if required.

Organization types

The Organization type defines the view and edit permissions of admin users in the organization - in FortiMail Workspace Security. Some organization types are applicable to parent organizations only, and some organization types are applicable to child organizations only.

Parent organization types

[These organizations may have child organizations]

MSSP	This organization is used to manage the child organizations. No scanning should be configured to occur in this organization. Scanning should be configured in child organizations only. Default child type: MSSP customer
Reseller	Default child type: Indirect Customer
Distributor	Default child type: Indirect Customer
Multi-organization	For direct organizations that have child-organizations for different business units, channels etc… Default child type: Indirect Customer

Child organization types

[These organizations can't have child organizations]

Direct customer	Has no parent organization and no child organizations.
MSSP customer	This is a child organization under an MSSP parent organization. An admin-user in an MSSP customer organization won't have access to the Organizations page and the Licensing page in FortiMail Workspace Security.
Indirect customer

The child organization types that are available for a specific organization depend on the organization type of the parent organization.

Understanding the Organizations page

The Organizations page shows a table with details about your organizations in FortiMail Workspace Security.

• If you select a parent organization, then the Organizations page shows all the organizations that you have access to - the parent organization and all the child organizations.

  • To locate the parent organization, look for an organization that has "NFR" as the Contract type.

• If you select a child organization, then the Organizations page shows only that child organization.

• Use the available controls to filter the organizations that are displayed.

  

The Organizations table includes the following information:

Active [Status]	[] The organization is protected by FortiMail Workspace Security. The organization is active. [] The organization is not protected by FortiMail Workspace Security. The organization is inactive. To activate an inactive organization, contact FortiMail Workspace Security Support. This procedure can't be done by an admin-user in FortiMail Workspace Security.
Name	The name of the organization. Note: After creating an organization, you can't modify the organization name - the organization name can be changed by FortiMail Workspace Security Support only. If necessary, contact FortiMail Workspace Security Support [support@perception-point.io] for assistance.
Contract	POC Proof-of-Concept: Typically indicates that the organization is currently being used for trial purposes. The organization will not be billed. When you add a new organization, by default the "Contract type" will be "POC". An organization can be moved from POC to Commercial by the Customer Success Manager. Contact your Customer Success Manager for details. The "Self Analyze" feature is not available to admin-users in PoC organizations. Free Not currently used. Commercial The organization is a fully-fledged billed customer. An organization is moved from POC to Commercial by the Customer Success Manager. Contact your Customer Success Manager for details. You can include the text template below in your email: Subject: Changing PoC to Commercial   Hi Perception Point - Customer Success Team, Please can you change the license status from PoC to Commercial for the following organization: Organization name: <Your organization name> as it appears in FortiMail Workspace Security Please let us know when this has been done. Thank you NFR Not-for-resale: If the Contract Type is set to NFR, then the organization is awarded 15 "free" licenses. If the "license source" is Integration, then the number of billed licenses is reduced by 15. If the "license source" is Reported or Purchased, then the number of billed licenses is not reduced - as it is assumed that the Customer Success Manager has already taken this into account. The "Self Analyze" feature is not available to admin-users. NFR is typically used to experiment with different scenarios, and for demo purposes. It is typically given by vendors to their channel partners for testing.
Billed users	The number of billed users in this organization.
Recipients
Protection	Possible options: Follow URL: Species if URL links in emails should be clicked when the email is scanned. When URLs are followed: Exclude high reputation domains: Do not follow links that are included in high-reputation domains. Excluding high-reputation domains reduces the scanning time. Exclude unsubscribe links: Do not click on unsubscribe links. This prevents unintended un-subscriptions from being performed during scans. Block malicious: Shows which scan verdicts will be quarantined. Appears as Inactive if no scan verdicts are quarantined.
Channels	Shows which channels in the organization are enabled. For details about enabled channels, see Bundles and Channels. Note: A channel is protected only if it is enabled and then activated.

Adding an organization

If you are an admin user in an organization that has the MSSP [parent] organization-type [see Organization types above], then you can add child organizations to the parent organization.

Note: When you add a new organization, by default the "Contract type" will be "POC". An organization is moved from POC to Commercial by the Customer Success Manager. Contact your Customer Success Manager for details. Pax8 customers only: 30 days after an organization is created, the organization will automatically be changed from POC to Commercial.

To add an organization

1. In FortiMail Workspace Security, in the left navigation menu, select Settings > Organizations.

2. Click Add. The first page of the Add Organization wizard opens.

   Note: If the Add button doesn't appear, contact FortiMail Workspace Security Support [support@perception-point.io] for assistance.

   For details on the available options, see Account.

   You can also assign bundles to an organization when you add a new organization. For details on bundles, see Bundles and Channels.

Modifying an existing organization

You may be required to modify an existing organization. You can modify only a sub-set of the information that is included in each organization.

To modify an existing organization:

1. In FortiMail Workspace Security, in the left navigation menu, select Settings > Organizations.

2. Locate the organization that you want to modify, and then click the Edit icon [] on the right side.

   For details on the available options, see Account.

Deleting an organization

After an organization is created, the organization can be deleted only by FortiMail Workspace Security Support - admin-users in FortiMail Workspace Security aren't able to delete organizations.

Contact FortiMail Workspace Security Support [support@perception-point.io] for assistance.

Moving an organization

In some scenarios, it is possible to move a child organization from one parent organization to another parent organization. However, this move can be performed by FortiMail Workspace Security Support only. For additional details, contact FortiMail Workspace Security Support [support@perception-point.io].

See also: 

• Setup