diff --git a/modules/onboarding/README.md b/modules/onboarding/README.md
index 34a8663..d9c08ee 100644
--- a/modules/onboarding/README.md
+++ b/modules/onboarding/README.md
@@ -72,17 +72,18 @@ resource |
## Inputs
-| Name | Description | Type | Default | Required |
-|-----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------|:--------:|
-| [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
-| [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
-| [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
-| [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
-| [suffix](#input\_management\_group\_ids) | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_folders` instead.
List of management group ids w.r.t an org install. If not provided, set to empty by default | `set(string)` | `[]` | no |
-| [suffix](#input\_include\_folders) | folders to include for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
-| [suffix](#input\_exclude\_folders) | folders to exclude for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
-| [suffix](#input\_include\_projects) | projects to include for organization. i.e: my-project-id | `set(string)` | `[]` | no |
-| [suffix](#input\_exclude\_projects) | projects to exclude for organization. i.e: my-project-id | `set(string)` | `[]` | no |
+| Name | Description | Type | Default | Required |
+|-------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------|:--------:|
+| [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
+| [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
+| [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
+| [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
+| [suffix](#input\_management\_group\_ids) | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_folders` instead.
List of management group ids w.r.t an org install. If not provided, set to empty by default | `set(string)` | `[]` | no |
+| [suffix](#input\_include\_folders) | folders to include for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
+| [suffix](#input\_exclude\_folders) | folders to exclude for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
+| [suffix](#input\_include\_projects) | projects to include for organization. i.e: my-project-id | `set(string)` | `[]` | no |
+| [suffix](#input\_exclude\_projects) | projects to exclude for organization. i.e: my-project-id | `set(string)` | `[]` | no |
+| [enable\_automatic\_onboarding](#input\_enable\_automatic\_onboarding) | true/false whether whether Sysdig should automatically discover latest set of accounts in onboarded organization or not | `bool` | `false` | no |
## Outputs
diff --git a/modules/onboarding/organizational.tf b/modules/onboarding/organizational.tf
index 1f9ad4b..1e055b0 100644
--- a/modules/onboarding/organizational.tf
+++ b/modules/onboarding/organizational.tf
@@ -36,8 +36,12 @@ resource "sysdig_secure_organization" "google_organization" {
excluded_organizational_groups = local.check_old_management_group_ids_param ? [] : local.prefixed_exclude_folders
included_cloud_accounts = local.check_old_management_group_ids_param ? [] : var.include_projects
excluded_cloud_accounts = local.check_old_management_group_ids_param ? [] : var.exclude_projects
+ automatic_onboarding = var.enable_automatic_onboarding
depends_on = [
google_organization_iam_member.browser,
sysdig_secure_cloud_auth_account.google_account
]
+ lifecycle {
+ ignore_changes = [automatic_onboarding]
+ }
}
\ No newline at end of file
diff --git a/modules/onboarding/variables.tf b/modules/onboarding/variables.tf
index f878a7c..f3631b1 100644
--- a/modules/onboarding/variables.tf
+++ b/modules/onboarding/variables.tf
@@ -53,4 +53,10 @@ variable "exclude_projects" {
description = "(Optional) projects id to exclude for organization i.e: my-project-id"
type = set(string)
default = []
-}
\ No newline at end of file
+}
+
+variable "enable_automatic_onboarding" {
+ type = bool
+ default = false
+ description = "true/false whether Sysdig should automatically discover latest set of accounts in onboarded organization or not"
+}
diff --git a/test/examples/modular_organization/onboarding_with_posture.tf b/test/examples/modular_organization/onboarding_with_posture.tf
index 8e2cd84..a94e035 100644
--- a/test/examples/modular_organization/onboarding_with_posture.tf
+++ b/test/examples/modular_organization/onboarding_with_posture.tf
@@ -31,6 +31,9 @@ module "onboarding" {
exclude_folders = []
include_projects = ["", ""]
exclude_projects = ["", ""]
+
+ # optionally pass automatic onboarding for orgs (defaults to false)
+ enable_automatic_onboarding = false
}
module "config-posture" {