Skip to content

Virtual Subgroup Orgs: Flexible Organizational Views for Security Groups

Overview

White Cloud Security provides a powerful feature called Virtual Subgroup Orgs, enabling administrators to dynamically group Security Groups across an Inheritance Tree into custom, logical virtual organizations. This allows organizations to provide reporting and view-only access as if the grouped Security Groups were part of a separate, standalone Organization β€” without disrupting their actual trust inheritance.

This is especially powerful for Managed Service Providers (MSPs) and enterprises with complex environments.

Creating a Virtual Subgroup Org

To assign a Security Group to a Virtual Organization:

  1. Navigate to the Graph View in the White Cloud Security Dashboard.
  2. Right-click on the desired Security Group within the Inheritance Tree.
  3. Choose β€œAssign this Subgroup to an Org.”
  4. Select an existing Virtual Organization or create a new one.

This action links the selected Security Group β€” and all of its children β€” to a Virtual Organization, enabling Organization-level:

  • View-only access
  • Reporting
  • Logical grouping (across otherwise unrelated tree branches)

Multiple Security Groups can be assigned to the same Virtual Org to reflect business relationships or client groupings.

Example: MSP Managing Clients by Device Type

Traditional Inheritance Tree

MSPs often separate clients' devices by function (e.g., Workstations vs. Servers) for centralized trust policy management.

graph TD
  MSP --> Clients
  Clients --> Workstations
  Clients --> Servers
  Workstations --> ClientA_Workstations["Client A - Workstations"]
  Workstations --> ClientB_Workstations["Client B - Workstations"]
  Servers --> ClientA_Servers["Client A - Servers"]
  Servers --> ClientB_Servers["Client B - Servers"]

Notes

  • All Client Workstations inherit trust policies from Clients > Workstations.
  • All Client Servers inherit trust policies from Clients > Servers.
  • Centralized policy enforcement is preserved.

Virtual Organization View

To provide Org-level access and reporting, the MSP can group Security Groups into Virtual Organizations:

graph TD
  VirtualOrgs["Virtual Organizations"]
  VirtualOrgs --> ClientA_Org["Client A Virtual Org"]
  VirtualOrgs --> ClientB_Org["Client B Virtual Org"]

  ClientA_Org --> ClientA_Workstations
  ClientA_Org --> ClientA_Servers

  ClientB_Org --> ClientB_Workstations
  ClientB_Org --> ClientB_Servers

Benefits of this View

  • Each Client is represented by a Virtual Org.
  • Admins and auditors can view/report on activity as if it's a separate Organization.
  • Centralized policy enforcement remains intact under the real Inheritance Tree.

Benefits of Virtual Subgroup Orgs

πŸ” View-Only Org-Level Access

Provide client stakeholders, security auditors, or managers with limited access to only their assigned Virtual Org’s Security Groups β€” without impacting broader administrative rights.

πŸ“Š Improved Reporting

Generate reports per Virtual Org, aggregating all associated Security Groups into one consistent view.

πŸ”— Cross-Tree Grouping

Group Security Groups from different parts of the Inheritance Tree under one Virtual Organization, reflecting real-world ownership or relationships.

πŸ›‘οΈ Decoupled Visibility from Trust

Maintain centralized trust policy enforcement while offering flexible visibility and reporting granularity β€” a key enabler of Zero-Trust Administration.

Practical Scenarios

  • Multi-Tenant Environments: Group each tenant’s servers, desktops, and cloud workloads into logical Org views.
  • Internal Departments: Assign functional trees (e.g., Engineering > Linux Servers, IT > Workstations) into a single department-level Virtual Org.
  • Franchise or Field Offices: Aggregate location-based Security Groups into unified Org views for distributed access and reporting.

Documentation References

Summary

Virtual Subgroup Orgs unlock a flexible layer of abstraction on top of your security inheritance model. Without changing how trust policies are inherited or enforced, you can build logical views that match business structures, client relationships, or auditing needs.

This enables:

  • βœ… Centralized Zero-Trust enforcement
  • βœ… Decentralized reporting and access
  • βœ… Scalable and secure organizational segmentation