Updated on 2024-06-07 GMT+08:00

Creating an Agency

Scenario

SecMaster allows you to create agencies to authorize other users in the project to manage your workspaces. This way, other users can view asset risks, alerts, and incidents and perform security operations for you in a unified manner.

Limitations and Constraints

If you select Organization for Initiated By, there are some limitations you need to know:

  • If you select all accounts under all organizations for the agency, the agency works for workspaces of new accounts of an organization.
  • If you select all accounts of a specific organization for the agency, it takes a while for workspaces of new accounts of the organization to be synchronized in the agency.

Prerequisites

  • An agency view has been created by the agency user. For details about how to create an agency view, see Creating an Agency View.
  • You have authorized the workspaces to access the cloud service data.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Agencies.

    Figure 1 Agencies

  4. Click Create Agency in the upper right corner of the page.
  5. On the Create Agency slide-out that is displayed, configure agency parameters.

    Table 1 Parameters for creating an agency

    • Initiated By: Agency creator.

      If you use an administrator account of an organization or an agency account to log in to SecMaster, you can select a workspace under the organization for workspace hosting.

      The Organizations service is an account management service that enables you to consolidate multiple accounts into an organization so that you can centrally manage these accounts. For details, see Overview of Organizations.

    • Agency Created By
        • Workspace: A workspace to be managed by this agency.

    • Agency Accepted By
        • Account: Account name of the user who delegates the management permission to this agency. Take the following steps to obtain the account name:
            1. Log in to the management console, hover the mouse over the username in the upper right corner, and select My Credentials from the drop-down list. The API Credentials page is displayed by default.
            2. On the API Credentials page, obtain the Account Name.
              Figure 2 Account Name
        • Agency View: An existing agency view.

    • Agency Information
        • Agency Name: Name of the agency.
        • Agency Duration: How long the agency works.
        • Agency Status: Agency permission policy.

          You can query the meaning of a policy in IAM. To view the meaning, perform the following steps:
            1. Log in to the management console, hover the mouse over the username in the upper right corner, and select Identity and Access Management from the drop-down list. The IAM users page is displayed.
            2. In the navigation pane on the left, choose Permissions > Policies. On the Policies page, enter the policy name in the search box.

              View the meaning and scope of the policy.
        • Description: Description of the agency.

  6. Click Confirm.

Follow-up Operations

You need to wait for the agency user to accept your delegation. As an agency user, you need to accept the delegation from other users. For details, see Authorizing an Agency.