When signing up for Border0, the following are automatically created:
- An Account
- An Admin User
- An Organization
Thinks of the Account as a root account. This account is the owner of one or more Organizations.
In Border all Sockets and Policies are part of an organization.
Organizations allow administrators to group resources and administrative users. Each organization can have multiple administrators.
There are several organization settings that can be configured.
In the Border0 portal, users can see all organizations they belong to under settings > My organizations..
To switch organizational contexts, just click "Switch to this Org"
border0 you can see all organizations you have access to:
$ border0 account list-orgs ┌──────────────────────────────────────┬───────────────────────────┬─────────┐ │ ID │ NAME │ CURRENT │ ├──────────────────────────────────────┼───────────────────────────┼─────────┤ │ 35efeb24-0578-4a64-87ea-54769a8aa207 │ Andree Toonk-org │ Yes │ │ 145c9ac8-7b27-4ea3-bf68-462dda88c26f │ Border0 │ No │ │ f7df5857-806d-4fc5-8a41-aaa7dfeb5822 │ Andree zerotrust demo-org │ No │ │ 24d4e858-a954-4459-88ec-3c4f5201d086 │ API Prod Connector-org │ No │ │ 1a14df54-cc56-4f08-98b3-6540895162d8 │ Border1 │ No │ └──────────────────────────────────────┴───────────────────────────┴─────────┘
To switch organization context use:
$ border0 account switch-org --org-name MyORG Switching to organization: MyORG
Since a Border0 administrator may have access to more than one organization, you must ensure you're in the right organization context. The section above describes how an admin can change between organizations. An admin may also set a default Organization. This means we'll set the organization context to the Default organization each time the Admin logs in.
Setting the default organization can be achieved by clicking on the three dots in the Actions column for the organization. From there, you can set the organization as the Default org.
each organization receives its own border0.io subdomain. This is the unique name for your organization and is also the domain used to provide DNS names for your Sockets.
For example, an organization with the name awesome-org, will have the subdomain: awesome-org-border0.io. All Sockets under this organization will get a DNS name under that subdomain, i.e. socket1-awesome-org-border0.io.
An organization can have one or more administrators. A Border0 admin user can invite new admin users via the portal or using the CLI:
border0 org invite [--org_id <orgid>] [email protected]
Remove a user from an organization.
border0 org remove [--org_id <orgid>] [email protected]
Users can have one of two roles in an organization:
Only administrators can add and remove users from an organization.
Not all actions require actual human accounts. We all like to automate "all the things".
For automation or machine tokens, Border0 provides API tokens. One great way to use these is for the Border0 Connector or systemd like scripts.
A token can be created in the portal in the Organization page. From there, click the "API Tokens" tab.
Note that tokens have either admin or member privileges. We recommend using member privileges for your Token. Note that the Token is only shown once, so make sure to copy the Token.
You can always generate a new token and revoke old tokens.
An organization has limits that are based on the type of plan the account is on.
A Border0 admin user can see the organization limits in the portal at this location
These are the standard limits
End Users (users accessing your Sockets)
Updated about 2 months ago