Understanding organizations

3 minute read

Organizations model real-world business structure (companies, business units, departments, and working groups) within CloudBees Unify. This page explains the organizational hierarchy model, inheritance rules, and how organizations relate to components and access control.

Tenants and organizations

Your tenant is the top-level identity and access boundary in CloudBees Unify. When you sign up, CloudBees Unify creates a tenant and a root organization within it. The root organization is the starting point for your organizational hierarchy.

Organizations are created within the tenant to reflect your real-world structure. A root organization might represent a company, child organizations could represent business units or departments, and components represent the applications and services built by those teams.

Every organization receives a unique organization ID that serves as its identifier across platform features and integrations. Free plan users are limited to their root organization, while paid plan users can create unlimited child organizations with complex nesting.

Organization hierarchy

Organizations support hierarchy without restriction. Child organizations can nest within parent organizations to arbitrary depth, accommodating complex business structures.

All organizations are functionally equivalent regardless of their position in the hierarchy. Child organizations have the same capabilities as the root organization: they can contain their own components, manage their own users and teams, and establish their own policies and configurations.

The parent-child relationship creates natural boundaries for access control and resource management. Users, teams, and components associated with an organization operate within that organizational context, while potentially inheriting broader access from parent organizations depending on configuration.

Inheritance and override principles

Child organizations inherit visibility into anything declared or accessible in their parent organization unless explicitly overridden. This inheritance model reduces administrative overhead by allowing common resources, configurations, and policies to be defined once at higher levels and automatically propagated downward.

The inheritance system operates on the principle of additive access rather than restrictive inheritance. A child organization gains access to everything its parent organization can access, and can additionally define its own resources and policies.

Override capabilities allow child organizations to customize inherited behavior when business requirements demand different approaches. These overrides operate selectively, meaning organizations can accept most inherited configuration while customizing specific aspects that need to differ from the parent.

The inheritance model has important security implications, as it determines how access control, policies, and resources flow through organizational hierarchies. Understanding these implications helps administrators design organizational structures that enhance security rather than inadvertently creating access vulnerabilities.

Switching organization context

The breadcrumb navigation at the top of the CloudBees Unify interface displays your current organization and allows you to switch between organizations. Select the organization name in the breadcrumb to display other available organizations, or use the organization selector in the title bar to quickly switch context.

When you switch organization context, your permissions, visible components, and configuration options change to reflect your role within the selected organization.

Organization identity and integration

Every organization possesses a unique organization ID in the form of a universally unique identifier (UUID). These multi-hexadecimal identifiers serve as the canonical way to reference organizations in APIs, integrations, and configuration files where human-readable names might be ambiguous or changeable.

Organization IDs appear throughout the platform in contexts where programmatic access requires unambiguous identification. They are required for API operations that target specific organizations, OIDC setup procedures that need to bind authentication to organizational contexts, and integration scenarios where external systems need to reference CloudBees Unify organizations.

Organizational context affects how platform features behave and what resources users can access. When users operate within different organizations, they may have different permissions, see different components and workflows, and access different configuration options based on their role within each organizational context.

Organization IDs also play a crucial role in multi-tenant scenarios where external systems need to maintain separate contexts for different CloudBees Unify organizations. Integration patterns often rely on organization IDs to ensure that data, configurations, and operations remain properly isolated between different business units.