Organization Overview

Organizations and Tenant Systems

Organizations are a way to partition configurations and apply different security policies to SRX Series Firewalls and tenant systems. When you associate a device or tenant system with an organization in Juniper ATP Cloud, that device receives the threat management features configured for the organization. You can also provide different levels of administrator access to individual organizations.

Warning:

Unlike physical devices, which automatically make submissions to the organization they are enrolled in, tenant system submissions are ignored until they are explicitly associated with an organization using the Organization Management page in the Juniper ATP Cloud Web UI. See Organization Management for those instructions.

For example, if a managed security service provider (MSSP) partitions customers by organization and then associates all SRX Series tenant systems for an individual customer with their assigned organization, that MSSP can deliver targeted threat prevention policies to multiple customers while allowing administrators to easily switch between organizations for monitoring purposes.

Alternatively, if customers are partitioned by tenant system, an MSSP could configure a one-to-one mapping of organizations to tenant systems for each customer.

For monitoring, each tenant system is included in log file events and different administrators can be given varying levels of access to each organization. The main organization to which other organizations are attached would then serve as a “super organization” that provides a global view of key statistics across all organizations. To configure monitoring access to an organization, log in to the organization as a “system administrator” and add users with the role of “observer.” See Create and Edit User Profiles for details.

Configuration Overview

Attach new organizations to the current organization (the organization you are currently logged in to) in Juniper ATP Cloud by navigating to Configure > Misc Configuration > Organization Management. You must enter a Username and Password for the organization in order to attach it.

All the devices and tenant systems on the Enrolled Device page appear in the Organization Management page where you can change their organization associations. See Organization Management for details.

Associating organizations with devices, or changing those associations, changes the way threat management is delivered to those devices, which can affect anti-malware and SecIntel policies. Be sure all changes in organization/device associations are well-planned and that the consequences are intentional.

Easily alternate between organizations using the Organization field at the top right of the Web UI. Click inside the organization name field and a drop-down with all available organizations appears. Select a new organization to view configurations for that organization. Note that switching between organizations is available only on applicable Web UI pages, not on all of them.

Note:

You cannot create new organizations from the Organization Management page. To create an organization, log out of the Web UI. Access the login screen and click the Create Organization link on the bottom left of the login window.

SRX Series and Tenant System Enrollment

When an SRX Series Firewall is enrolled in Juniper ATP Cloud, any tenant systems configured on the device are also enrolled. The names of associated tenant systems appear in the Host name field after a colon on the Devices page in ATP Cloud. For example, when you run the enroll script on an SRX Series Firewall with the host name SRX650, that host name appears in the list of enrolled devices. If SRX650 has several tenant systems, the list contains multiple host name entries, each starting with SRX650 followed by a colon and the name of the tenant system, for example SRX650:subdomain1.