Baseguard
Concepts

Organizations

Multi-tenant network isolation with organizations

Organizations are the top-level container in Baseguard, providing complete network isolation between different groups of devices.

What is an Organization?

An organization represents a separate, isolated network. Each organization has its own IP address space, access control rules, user membership, and device registry. Devices in different organizations cannot communicate — there is no cross-organization traffic.

Multi-Tenancy

Baseguard supports multiple organizations, enabling:

  • MSPs — Manage networks for multiple clients
  • Enterprises — Separate networks per department or project
  • Developers — Isolated environments for dev/staging/production

Users and Roles

A user can belong to multiple organizations with different roles:

User: alice@example.com

Organization: Acme Corp → Role: Admin
Organization: Dev Team  → Role: Member
Organization: Personal  → Role: Owner

See User Roles for detailed permissions.

Switching Organizations

To switch between organizations, see baseguard switch-organization.

Creating and Managing

Organizations are created and configured through the Console. See Organization Settings for available options.

Best Practices

  • Use clear, consistent names (e.g., Acme Corp - Production, not org1)
  • Enable node approval for production organizations
  • Use separate organizations for different security levels
  • Grant minimum necessary roles to users

See Also

Security

Baseguard's security architecture and principles

CLI Reference

Complete reference for all Baseguard CLI commands

On this page

What is an Organization?Multi-TenancyUsers and RolesSwitching OrganizationsCreating and ManagingBest PracticesSee Also