FortiCloud Organizations: The Centralized Solution for Multi-Tenant Security Management
.
FortiCloud Organizations represents a significant architectural shift in how Managed Security Service Providers (MSSPs) and distributed enterprises manage multiple Fortinet customer accounts and assets. This centralized service replaces legacy multi-tenancy models, consolidating disparate FortiCloud accounts into a hierarchical, single-pane-of-glass management structure. Designed for scalability and precise access control, it enables administrators to oversee resources across the entire organization or delegate management to specific organizational units. The transition to this new model is critical for partners and customers leveraging Fortinet's cloud ecosystem, as it aligns with the company's modernized licensing framework and enhanced security service delivery platform. Organizations provides the foundational structure for efficient, secure, and compliant multi-tenant management in today's complex cybersecurity landscape.
The Core Architecture of FortiCloud Organizations
FortiCloud Organizations is a centralized account management service that consolidates multiple individual FortiCloud accounts into a structured hierarchy. At its foundation is the concept of a Root Account—the primary administrative entity that creates and owns the Organization. This account holds ultimate authority and serves as the starting point for building the management structure.
The service introduces a flexible hierarchical model based on Organizational Units (OUs). Administrators can create up to three levels of OUs to logically group Member Accounts based on business relationships, geographic regions, departments, or customer segments. This structure mirrors organizational charts and enables precise delegation of management responsibilities. Member Accounts are the individual FortiCloud customer accounts that are invited to join and become part of the Organization while maintaining their distinct identity and assets.
Key Components:
- Root Account: The master administrative account that creates the Organization.
- Organization: The top-level container that encompasses all managed accounts and assets.
- Organizational Units (OUs): Hierarchical folders for grouping Member Accounts (up to three levels deep).
- Member Accounts: Individual FortiCloud accounts that join the Organization.
- IAM Users: Identity and Access Management users with specific permission scopes within the hierarchy.
The fundamental value proposition is unified visibility and control. Instead of logging into dozens of separate accounts, administrators with appropriate permissions can view and manage assets, subscriptions, and security postures across the entire Organization or within specific OUs from a single dashboard. This eliminates operational silos and reduces the complexity inherent in managing multiple customer environments.
Primary Use Cases and Target Audience
FortiCloud Organizations was designed with specific operational challenges in mind, primarily serving two distinct but overlapping constituencies within the Fortinet ecosystem.
Managed Security Service Providers (MSSPs)
For MSSPs, Organizations is indispensable for service delivery. The MSSP Deployment Guide explicitly frames the service as "seamless multitenant features designed for managed security service providers." It enables MSSPs to efficiently manage multiple customer accounts without maintaining separate login credentials for each client. The hierarchical OU structure allows MSSPs to segment customers by service tier, geographic region, or business unit while maintaining centralized oversight. The single dashboard provides immediate visibility into device health, subscription status, and security posture across all managed customers—critical for proactive service management and rapid incident response.
Distributed Enterprises and Large Organizations
Beyond MSSPs, large enterprises with distributed branch offices, subsidiaries, or complex departmental structures benefit equally from the organizational hierarchy. IT teams can create OUs for different regions, business units, or project teams while maintaining centralized policy oversight and asset management. This structure supports delegated administration where regional IT staff have management access to their specific OU without visibility into other parts of the organization—a crucial feature for both operational efficiency and security compliance.
A Four-Step Implementation Framework
Establishing a FortiCloud Organization follows a logical, four-phase process outlined in the official documentation.
Phase 1: Organization and OU Setup
The implementation begins with the Root Account user enabling the Organization feature through Account Preferences and creating the initial Organization structure. Administrators can build the OU hierarchy manually through the GUI or efficiently import complex structures using a downloadable Excel template for bulk operations. This initial architecture design is critical as it establishes the foundation for all subsequent management and delegation.
Phase 2: Account Onboarding
Once the hierarchy exists, Member Accounts are invited to join specific OUs through a secure token-based invitation system. The Root Account generates unique invitation tokens for each OU and shares them with prospective members. Those accounts then navigate to the Organization Portal (https://support.fortinet.com/organizations/), select "Join Organization," and submit the token. The Root Account must approve each join request, completing the secure enrollment process. This method ensures that only authorized accounts join the Organization at the correct hierarchical level.
Phase 3: Administrative User Creation
With Member Accounts in place, the Organization requires administrative IAM users to manage day-to-day operations. The Root Account creates specialized Organization-type permission profiles with access scoped to the entire Organization or specific OUs. These profiles grant administrative access to necessary portals like Organization Portal, IAM, and Asset Management. Subsequently, Organization-type IAM users are created and assigned these profiles, enabling them to perform administrative functions within their defined scope without Root Account privileges.
Phase 4: Operational Access and Management
The final phase involves these administrative IAM users logging into FortiCloud and selecting their authorized Organization or OU context. From here, they can create additional permission profiles and IAM users for subordinate OUs, effectively delegating authority down the hierarchy. The context switch dropdown menu becomes the primary navigation tool, allowing authorized users to seamlessly move between different OUs or Member Accounts they manage while maintaining appropriate permission boundaries.
Critical Licensing Considerations
Licensing fundamentally shapes what's possible with FortiCloud Organizations, creating a tiered capability structure.
- Basic Tier: Without a FortiCloud Premium license, organizations are limited to a maximum of ten Member Accounts. This tier suits small MSSPs or enterprises with limited scope but imposes clear constraints on growth.
- Premium Tier: The FortiCloud Premium license (
FC-15-CLDPS-219-02-DD) removes the account limit, allowing unrestricted scaling of Member Accounts within the Organization. For growing MSSPs or large enterprises, this license is essential for long-term viability.
This licensing model represents a significant evolution from previous FortiGate Cloud multi-tenancy arrangements. As noted in community discussions, the legacy multi-tenancy SKU (FCLE-10-FCLD0-161-02-12) has been retired, with Organizations positioned as its successor. Organizations that haven't transitioned may encounter challenges, as highlighted by one Reddit user whose legacy serial numbers "vanished on the Fortinet side" with support personnel showing limited awareness of the transition.
Operational Advantages and Dashboard Visibility
The operational benefits of FortiCloud Organizations materialize most visibly through its consolidated dashboard, which provides a single-pane-of-glass view of the entire managed environment.
Dashboard Widgets and Insights
When administrative users access an OU, they're presented with a comprehensive dashboard featuring multiple diagnostic widgets:
| Dashboard Widget | Provides Visibility Into |
|---|---|
| Devices | Device type breakdown and total count within the OU |
| Accounts | Total number of Member Accounts in the OU |
| Management Connectivity | Connection status of all managed devices |
| FortiGate Subscriptions | Subscription type distribution across devices |
| Sandbox Subscriptions | Sandbox service adoption within the OU |
| Firmware | Version distribution across all devices |
| CPU Usage | Processing load trends and alerts |
| Memory Usage | Memory consumption patterns and warnings |
This consolidated visibility enables proactive management and rapid identification of issues before they impact security posture. Administrators can immediately see which devices have connectivity problems, which require firmware updates, or which are experiencing resource constraints—all without navigating between individual customer accounts.
Hierarchical Permission Delegation
A particularly powerful feature is the cascading permission model. An IAM user with administrative access to an OU can create additional IAM users with permissions scoped to that OU or any subordinate units. This enables precise delegation aligned with organizational structure—regional managers can manage their regions, department heads their departments, all while the global administrator maintains oversight. The permission system ensures users only see and manage what's within their designated scope, a critical requirement for both operational efficiency and security compliance.
Migration Context and Strategic Importance
The transition to FortiCloud Organizations isn't merely an optional upgrade but a strategic necessity for organizations using Fortinet's cloud services. Community discussions reveal that the previous FortiGate Cloud multi-tenancy model is being phased out, with its dedicated SKU retired and existing implementations facing an unclear migration path.
One Reddit contributor expressed frustration that "there were no warnings for this. NONE. The existing portal has no warnings that existing multi-tenancy model is going away." This underscores the importance of proactive migration planning. Organizations still operating under legacy multi-tenancy should immediately:
- Document existing account structures and device assignments
- Engage Fortinet partner support for migration guidance
- Evaluate licensing requirements for the target Organizations deployment
- Develop a phased migration plan minimizing customer disruption
The architectural shift is significant: rather than FortiGates associating with a single multi-tenancy account, multiple independent FortiCloud accounts are now centrally managed. This change enhances security isolation between customers while providing superior management capabilities through the Organizations hierarchy.
Frequently Asked Questions (FAQ)
Q1: What exactly is FortiCloud Organizations? A1: FortiCloud Organizations is a centralized management service that consolidates multiple FortiCloud accounts into a hierarchical structure with a Root Account, Organizational Units (OUs), and Member Accounts, providing single-pane-of-glass visibility and control.
Q2: Who should use FortiCloud Organizations? A2: The service is designed primarily for Managed Security Service Providers (MSSPs) managing multiple customer accounts and large enterprises with distributed offices or subsidiaries needing centralized oversight with delegated administration.
Q3: What are the licensing requirements? A3: A basic implementation supports up to 10 Member Accounts. For unlimited scaling, the FortiCloud Premium license (FC-15-CLDPS-219-02-DD) is required.
Q4: How do accounts join an Organization? A4: Through a secure invitation process where the Root Account generates OU-specific tokens, shares them with Member Accounts, who then use the Organization Portal to request access, which the Root Account must approve.
Q5: What happened to the old FortiGate Cloud multi-tenancy? A5: The legacy multi-tenancy model is being phased out, with its SKU retired. FortiCloud Organizations is its official successor, requiring migration for existing implementations.
Q6: How many levels of hierarchy can I create? A6: You can create up to three levels of Organizational Units (OUs) beneath the root Organization level.
Q7: Can I delegate administration within the hierarchy? A7: Yes, through IAM permission profiles scoped to specific OUs, allowing administrators to manage their segments while higher-level administrators maintain broader visibility.
Q8: What visibility does the OU Dashboard provide? A8: It offers consolidated views of devices, accounts, connectivity status, subscriptions, firmware versions, and resource utilization (CPU/memory) for all assets within the selected OU scope.
Future Outlook and Strategic Recommendations
FortiCloud Organizations represents the future of multi-tenant management within the Fortinet ecosystem. As cloud-delivered security services continue to dominate the market, the ability to efficiently manage distributed deployments becomes increasingly critical. Organizations using legacy multi-tenancy should prioritize migration to avoid service disruption, while new deployments should architect directly on the Organizations framework.
The service's true value emerges in operational maturity—reducing administrative overhead, enhancing visibility, and enabling precise delegation. For MSSPs, it transforms customer management from a logistical challenge into a scalable business advantage. For enterprises, it provides the governance structure needed for secure, distributed operations.
As Fortinet continues evolving its cloud platform, Organizations will likely serve as the foundational layer for increasingly sophisticated management capabilities, integrated security services, and automated operations—making adoption not just beneficial but essential for organizations committed to Fortinet's cloud ecosystem.