You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/manage/manage-subscription/manage-orgs-for-mssps.md
+35-2Lines changed: 35 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,6 +9,39 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
9
9
10
10
This article describes how to manage organizations for Managed Security Service Providers (MSSPs). MSSPs in Sumo Logic use [Cloud SIEM](/docs/cse/), and consist of a parent organization with child organizations that have content synced across the organizations, such as Cloud SIEM rules and rule tuning expressions.
11
11
12
+
## Prerequisites
13
+
14
+
### Roles
15
+
16
+
You must have the following [organization role capabilities](/docs/manage/users-roles/roles/role-capabilities/#organizations) to create and manage organizations as an MSSP administrator:
17
+
18
+
* Organizations
19
+
* View Organizations
20
+
* Create Organizations
21
+
* Manage Organizations
22
+
23
+
## Create a child organization with SSO enabled
24
+
25
+
When you [create a new child organization](/docs/manage/manage-subscription/create-manage-orgs/#create-a-new-child-organization) as an MSSP administrator, SSO is automatically enabled, allowing you to sign in to the child organization without having to provide credentials.
26
+
27
+
For this to work, you must have already [set up SAML single sign-on](/docs/manage/security/saml/set-up-saml/) for user access to the parent organization.
28
+
29
+
### Sign in to a child organization automatically
30
+
31
+
When you open the details of a newly-created child organization, a link for the child organization appears under **Basic Details**. When you click the link, you are automatically signed in to the child organization.
32
+
33
+
<img src={useBaseUrl('img/manage/subscriptions/mssp-sso-enabled.png')} alt="SSO enabled for a child organization" style={{border: '1px solid gray'}} width="300"/>
34
+
35
+
Automatic sign-in works because when you created the child organization, a [custom subdomain](/docs/manage/manage-subscription/manage-org-settings/#set-up-a-customsubdomain) was automatically added, and SSO was enabled by default. Therefore, you are already provisioned as a user in the child organization and can access the organization at any time without needing to log in.
36
+
37
+
If you need more security, you can click **Disable SSO** to turn off single sign-on for the child organization, requiring MSSP administrators to enter credentials to sign in to child organizations.
38
+
39
+
### Sign back in with parent org credentials
40
+
41
+
As an MSSP administrator, if you log out of a child organization that has SSO enabled, the following screen appears. Click the **Login with Parent Org** button to automatically log in using your credentials from the parent organization.
If you want to ensure that content in one organization is copied to other organizations, you can use the **Content Management** tab to sync the content. You can sync Cloud SIEM [rules](/docs/cse/rules/) and [rule tuning expressions](/docs/cse/rules/rule-tuning-expressions/).
@@ -31,8 +64,8 @@ If you want to ensure that content in one organization is copied to other organi
31
64
32
65
## Multi-insights list page in Cloud SIEM
33
66
34
-
If you are logged in to a parent organization with child organizations that also use Cloud SIEM, the [insights list page in Cloud SIEM](/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui/#insights-list-page) shows all insights across all your childorganizations.
67
+
If you are logged in to a parent organization with child organizations that also use Cloud SIEM, the insights list page in Cloud SIEM allows you to [view insights in child organizations](/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui/#view-insights-in-child-organizations).
35
68
36
-
This multi-insights list page (also known as a "federated" page) shows insights just as in a normal insights list page. However, when you click an insight on the page, it opens the insight's details in the child organization's UI. You can also use the board view on the multi-insights page to move insights to different statuses.
69
+
This multi-insights list page (also known as a "federated" page) shows insights just as in a normal insights list page. When you click an insight on the page, you are automatically signed in to the child organization (if [SSO is enabled for the child organization](#create-a-child-organization-with-sso-enabled)), and the insight's details open in the child organization's UI. You can also use the board view on the multi-insights page to move insights to different statuses.
37
70
38
71
To be able to see insights in child organizations, [add child organizations](/docs/manage/manage-subscription/create-manage-orgs/) that use Cloud SIEM. Then when the parent organization user goes to their Cloud SIEM insights list page, all the child organizations' insights appear in the list.
0 commit comments