Creating a Workspace Agency

Workspace Agency Overview

A workspace agency can help improve security operations efficiency without requiring additional personnel. With a workspace agency, you can:

• Manage multiple workspaces centrally.
• View asset risks, alerts, and incidents in one place.
• Enable cross-account security operations.

Workspace Hosting Process

The process of hosting a workspace is as follows.

Limitations and Constraints

• The specifications of the workspace agency views and the number of workspaces are as follows:
  • Constraints on workspace agency views: Only one workspace agency view can be created in a region for an account.
  • Constraints on managed workspaces:
    • Single-region scenario: A maximum of 100 workspaces can be managed by a workspace agency view.
    • Cross-region scenario: A maximum of 10 workspaces can be managed by a workspace agency view.
    • If you want to use one agency view to manage workspaces in excessive of the limit, apply for capacity expansion.
  • Restrictions: A maximum of 10 agencies can be created by an account.

• If you select Organization for Initiated By while creating an agency, there are some limitations you need to know:
  • If you select all accounts under all organizations for the agency, the agency works for workspaces of new accounts of an organization.
  • If you select all accounts of a specific organization for the agency, it takes a while for workspaces of new accounts of the organization to be synchronized to the agency.

Step 1: Create an Agency View

1. Log in to the management console.
2. Click in the upper part of the page and choose Security > SecMaster.
3. In the navigation pane on the left, choose Workspaces > Agencies.
4. On the Agency Views tab, click Create Agency View. The Create Agency View slide-out panel is displayed.
5. Configure parameters required for creating the agency view.

   Table 2 Parameters for creating an agency view

   Parameter	Description
   Agency View Name	Name of the agency view. Configuration constraints: Only letters (A to Z and a to z), numbers (0 to 9), and the following special characters are allowed: -_() A maximum of 64 characters are allowed.
   Workspace Name	The workspace you want to associate with the agency view. The workspace you associate is the main workspace.
   (Optional) Description	Description of the agency view. Enter a maximum of 512 characters.

6. Click OK.

   The created agency view will be displayed on the Agency Views tab.

Step 2: Create an Agency

1. On the Agencies page, click Create Agency in the upper right corner of the page.
2. On the Create Agency slide-out is displayed, configure agency parameters.

   Table 3 Parameters for creating an agency

   Parameter		Description
   Initiated By		Agency creator. Current Tenant Organization: If you use an administrator account of an organization or an agency account to log in to SecMaster, you can select a workspace under the organization for workspace hosting. The Organizations service is an account management service that enables you to consolidate multiple accounts into an organization so that you can centrally manage these accounts. For details about organizations, see the Organization User Guide.
   Agency Created By	Workspace	A workspace to be managed by this agency.
   Agency Accepted By	Account	Account name of the user who delegate the management permission to this agency. You can also enter the current account as the agency account, or obtain the account name as follows: Log in to the management console, hover the mouse over the username in the upper right corner, and select My Credentials from the drop-down list. The API Credentials page is displayed by default. On the API Credentials page, obtain the Account Name.
   	Agency View	An existing agency view.
   Agency Details	Agency Name	Name of the agency. Configuration constraints: Only letters (A to Z and a to z), numbers (0 to 9), and the following special characters are allowed: -_() A maximum of 64 characters are allowed.
   	Agency Duration	Select an agency duration.. Only Permanent is supported.
   	Agency Policy	Agency permission policy. You can query the meaning of a policy in IAM. To view the meaning, perform the following steps: Log in to the management console, choose Management & Deployment > Identity and Access Management from the service list to enter the IAM console. In the navigation pane on the left, choose Permissions > Policies/Roles. On the Policies page, enter the policy name in the search box. View the meaning and scope of the policy.
   	Description	Description of the agency. Enter a maximum of 512 characters.

3. Click Confirm.

Step 3: Authorize an Agency

1. On the Agencies page, click the Workspaces Managed by Me tab. In the row containing the workspace you want to manage, click Accept in the Operation column.
   

   If the system displays a message indicating that you are not authorized when you try to accept an agency, get authorization by referring to Authorizing SecMaster first.

2. In the displayed dialog box, click OK.

Follow-up Operations

Choose Workspaces > Management, click the name of the created agency view. You can view details about workspaces managed in the agency view.

Related Operations

• Editing an agency view
  1. Locate the row that contains the agency view, and click Edit in the Operation column.
  2. On the Edit Agency View slide-out panel, modify the parameters and click OK.
• Deleting an agency view
  You can delete an agency view if you need to delete the agency workspace and agency information.

  1. Locate the row that contains the agency view, and click Delete in the Operation column.
  2. In the displayed dialog box, click OK.