Organizations for Enterprise
Organizations provides a single-tier structure for Enterprise customers to manage multiple Cloudflare accounts from one unified dashboard.
Organizations is designed for Enterprise customers of any size who manage multiple Cloudflare accounts. Whether you have 5 accounts or 500, Organizations helps you manage them from one dashboard.
Common use cases:
- Multi-brand companies managing separate accounts per brand
- Regional operations with accounts per geography
- Business units or subsidiaries with independent accounts
- Development workflows with separate accounts per environment
- Growing companies consolidating account management
Looking for MSSP (Managed Security Service Provider) or Distributor documentation? Refer to Organizations for MSSP and Distributors.
Enterprise Organizations use a single-tier structure:
Organization├── Account 1│ ├── Zone A│ └── Zone B├── Account 2│ ├── Zone C│ └── Zone D└── Account 3 └── Zone EKey characteristics:
- One Organization contains multiple accounts
- Each account can contain multiple zones
- All accounts are at the same level (no sub-organizations)
- Organization members have implicit access to all accounts
- Maximum: 500 accounts and 5,000 zones per Organization
Company A is a SaaS company with 12 Cloudflare accounts:
- 3 accounts for different product lines (Product Alpha, Product Beta, Product Gamma)
- 3 environments per product (Development, Staging, Production)
- Each account manages its own zones and configurations
Before Organizations:
- Security team manually copies WAF rules to all 12 accounts
- Admins switch between accounts individually
- No unified view of traffic or security events
- Each new admin needs explicit access to all 12 accounts
With Organizations:
- Create one Organization containing all 12 accounts
- Security team creates WAF rules once, shares to all production accounts
- Admins see all accounts in one dashboard with the enhanced account switcher
- View aggregate HTTP analytics across all accounts
- New Organization members automatically get access to all 12 accounts
- Use tags to organize accounts by product line and environment
Before you create an Organization:
- Your user must have Super Admin role access to an account with an Enterprise plan.
- You (the Organization creator) must have two-factor authentication (2FA) or single sign-on (SSO) enabled on your Cloudflare user account. This is a per-user requirement — 2FA/SSO is not an account-level setting.
- You must be a Super Administrator on the accounts you want to assign. You can add accounts of any plan type (Enterprise, PAYGO, or Free).
- Each Organization supports a maximum of 500 accounts and 5,000 zones. Refer to Limitations for details.
- You may only create a single Organization. You, or another member of your company, must not have already created an Organization.
- Your accounts must not already belong to another Organization.
- Log in to the Cloudflare dashboard ↗.
- Select Organizations.
- Select Create organization.
- Enter a name for the Organization.
- Select Create.
The Organization overview page displays after creation.
After creating an Organization, you can assign existing accounts to manage them centrally. You can add accounts of any plan type (Enterprise, PAYGO, or Free) as long as you are a Super Administrator of the account.
- From the Organization overview, select Assign an account.
- Search for an account name. Only accounts where you are a Super Administrator will appear.
- Select the account.
- Select Assign to organization.
The assigned account now appears on the Organization overview page. From here, you can view the account, copy its ID, or rename it.
To remove an account from your Organization, contact Cloudflare Support.
When you create an Organization, you become the Organization Super Administrator. This role provides implicit access to all accounts in your Organization and allows you to manage memberships at the Organization level.
Organization members receive implicit access to all accounts in the Organization. Implicit access means:
- You do not need explicit membership on each individual account.
- When you go to any account within your Organization, you automatically have Super Administrator permissions on that account.
- Implicit access is granted at the Organization level — you cannot grant implicit access to a subset of accounts.
- Implicit access is equivalent to Super Administrator. There is no read-only implicit access today.
Implicit access is separate from any existing per-account membership. If you were already an explicit member of an account before it was added to the Organization, that existing membership is unaffected.
You can invite additional members to your Organization. Invited members receive implicit Super Administrator access to all accounts in the Organization.
- From the Organization overview, select Members.
- Select Invite member.
- Enter the email address.
- Select Send invitation.
The user receives an email invitation. After accepting, they have implicit access to all accounts in the Organization.
All users who will be Organization members must have two-factor authentication (2FA) or single sign-on (SSO) enabled on their Cloudflare user account before they can accept an Organization invitation. This is a per-user requirement, not an account-level setting.
- If a user does not have 2FA or SSO enabled, they will not be able to accept the invitation.
- Ask the user to enable 2FA or SSO first, then resend the invitation.
- For instructions on enabling 2FA, refer to Set up 2FA.
- For SSO configuration, refer to Dashboard SSO.
Organizations allows you to share WAF custom rulesets and Zero Trust Gateway policies (DNS, Network, HTTP, Resolver) across accounts in your Organization. Shared policies are read-only in receiving accounts and automatically stay in sync when updated in the source account.
For detailed instructions, refer to Policy sharing.
You can view, filter, and download aggregate HTTP analytics across all accounts in your Organization:
- From the Organization overview, select Analytics & Logs.
- Use filters to narrow results by date range, account, domain, or other criteria.
- To export data, select Download.
The data includes traffic for proxied hostnames and may be based on a sample. This data does not reflect billable usage.
- Go to Organizations > Manage Organization.
- Next to Organization name, select Rename.
- Enter the new name.
- Select Rename.
- Go to Organizations > Manage Organization.
- Next to Customer identification data, select Edit.
- Update the information.
- Select Save.
Organization audit logs capture user-initiated actions performed by Organization Super Administrators through Organization-level APIs and the dashboard. These logs are separate from account-level audit logs — actions performed within a specific account continue to appear in that account's audit logs.
To view Organization audit logs in the dashboard:
- Go to Organizations > Manage Organization.
- Select Audit Logs.
You can also retrieve Organization audit logs via the API:
GET https://api.cloudflare.com/client/v4/organizations/{organization_id}/logs/auditIf you are viewing account-level audit logs and the account belongs to an Organization where you are an Organization Super Administrator, you can select View Organization Audit Logs to go to the parent Organization's audit logs.
For more details on audit log structure, filtering, and retention, refer to Audit Logs — Organization Activity Logs.
You can manage Organizations programmatically using the Cloudflare Organizations API. The API supports creating, updating, deleting Organizations, managing members, and assigning accounts.
You can manage Organizations using the Cloudflare Terraform provider ↗.
Enterprise Organizations cannot self-serve create new accounts. To add a new account, contact Cloudflare Support to create it, then assign it to your Organization.
Enterprise Organizations use a flat structure. You cannot create sub-organizations or nested containers. Use tags to organize accounts by business unit, region, or environment.
Accounts cannot be moved between Enterprise Organizations.
If you encounter errors during setup, refer to Troubleshooting.