Updated on 2025-07-03 GMT+08:00

Creating a Workspace Agency

Workspace Agency Overview

A workspace agency can help improve security operations efficiency without requiring additional personnel. With a workspace agency, you can:

  • Manage multiple workspaces centrally.
  • View asset risks, alerts, and incidents in one place.
  • Enable cross-account security operations.

Workspace Hosting Process

The process of hosting a workspace is as follows.

Table 1 Workspace hosting process

Procedure

Description

Step 1: Create an Agency View

You need to create an agency view to manage the delegation that other users give you for workspace hosting.

Step 2: Create an Agency

You can create agencies to authorize other users to manage your workspaces in a project. In this way, asset risks, alerts, and incidents across workspaces can be centrally managed for security operations.

Step 3: Authorize an Agency

You need to grant permission to other users to manage your workspaces and they need to accept your delegation to attach your workspaces to their workspaces.

  1. After you create an agency, authorize the user you specified in the agency to manage your workspaces.
  2. Choose Workspaces > Agencies > Workspaces Managed by Me and accept workspaces that need to be managed by you centrally.

The accepted workspaces will be attached to your workspaces.

Limitations and Constraints

  • The specifications of the workspace agency views and the number of workspaces are as follows:
    • Constraints on workspace agency views: Only one workspace agency view can be created in a region for an account.
    • Constraints on managed workspaces:
      • Single-region scenario: A maximum of 100 workspaces can be managed by a workspace agency view.
      • Cross-region scenario: A maximum of 10 workspaces can be managed by a workspace agency view.
      • If you want to use one agency view to manage workspaces in excessive of the limit, apply for capacity expansion.
    • Restrictions: A maximum of 10 agencies can be created by an account.
  • If you select Organization for Initiated By while creating an agency, there are some limitations you need to know:
    • If you select all accounts under all organizations for the agency, the agency works for workspaces of new accounts of an organization.
    • If you select all accounts of a specific organization for the agency, it takes a while for workspaces of new accounts of the organization to be synchronized to the agency.

Step 1: Create an Agency View

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Agencies.
  4. On the Agency Views tab, click Create Agency View. The Create Agency View slide-out panel is displayed.
  5. Configure parameters required for creating the agency view.

    Table 2 Parameters for creating an agency view

    Parameter

    Description

    Agency View Name

    Name of the agency view. Configuration constraints:

    • Only letters (A to Z and a to z), numbers (0 to 9), and the following special characters are allowed: -_()
    • A maximum of 64 characters are allowed.

    Workspace Name

    The workspace you want to associate with the agency view. The workspace you associate is the main workspace.

    (Optional) Description

    Description of the agency view. Enter a maximum of 512 characters.

  6. Click OK.

    The created agency view will be displayed on the Agency Views tab.

Step 2: Create an Agency

  1. On the Agencies page, click Create Agency in the upper right corner of the page.
  2. On the Create Agency slide-out is displayed, configure agency parameters.

    Table 3 Parameters for creating an agency

    Parameter

    Description

    Initiated By

    Agency creator.

    • Current Tenant
    • Organization: If you use an administrator account of an organization or an agency account to log in to SecMaster, you can select a workspace under the organization for workspace hosting.

      The Organizations service is an account management service that enables you to consolidate multiple accounts into an organization so that you can centrally manage these accounts. For details about organizations, see the Organization User Guide.

    Agency Created By

    Workspace

    A workspace to be managed by this agency.

    Agency Accepted By

    Account

    Account name of the user who delegate the management permission to this agency. You can also enter the current account as the agency account, or obtain the account name as follows:

    1. Log in to the management console, hover the mouse over the username in the upper right corner, and select My Credentials from the drop-down list. The API Credentials page is displayed by default.
    2. On the API Credentials page, obtain the Account Name.

    Agency View

    An existing agency view.

    Agency Details

    Agency Name

    Name of the agency. Configuration constraints:

    • Only letters (A to Z and a to z), numbers (0 to 9), and the following special characters are allowed: -_()
    • A maximum of 64 characters are allowed.

    Agency Duration

    Select an agency duration.. Only Permanent is supported.

    Agency Policy

    Agency permission policy.

    You can query the meaning of a policy in IAM. To view the meaning, perform the following steps:
    1. Log in to the management console, choose Management & Deployment > Identity and Access Management from the service list to enter the IAM console.
    2. In the navigation pane on the left, choose Permissions > Policies/Roles. On the Policies page, enter the policy name in the search box.

      View the meaning and scope of the policy.

    Description

    Description of the agency. Enter a maximum of 512 characters.

  3. Click Confirm.

Step 3: Authorize an Agency

  1. On the Agencies page, click the Workspaces Managed by Me tab. In the row containing the workspace you want to manage, click Accept in the Operation column.

    If the system displays a message indicating that you are not authorized when you try to accept an agency, get authorization by referring to Authorizing SecMaster first.

  2. In the displayed dialog box, click OK.

Follow-up Operations

Choose Workspaces > Management, click the name of the created agency view. You can view details about workspaces managed in the agency view.

Related Operations

  • Editing an agency view
    1. Locate the row that contains the agency view, and click Edit in the Operation column.
    2. On the Edit Agency View slide-out panel, modify the parameters and click OK.
  • Deleting an agency view
    You can delete an agency view if you need to delete the agency workspace and agency information.
    1. Locate the row that contains the agency view, and click Delete in the Operation column.
    2. In the displayed dialog box, click OK.