Tenants, Groups and Organizations | Snyk Training
Organizing your Projects and controlling access
Plan account structure
The way you structure your account determines other factors of your Snyk rollout. So it’s important to consider how you want to align the Organizations within your account before you start adding them.
If you are using single sign-on, you'll also want a clear picture of how users will access Organizations before you add users.
As a good practice, plan to align your Organizations with how you want to allow permissions and access to Projects. How you set policies is the next consideration, and how you want to report on Projects is the third.
Overview of Snyk account structure
Tenant
To scale, Enterprise customers have a robust way to organize access and reporting on the platform, rooted in the Tenant at the highest level. Each customer will generally have a single Tenant. At this level, high-level analytics are available with Snyk AppRisk Pro, and Members allows management of users.
Groups
The usage of Groups varies by company.
- Most companies have a single Group representing their company, with roll-up reports and policies shared among all their Organizations.
- Larger, more complex companies may use Groups to represent each business or sub-company, when each one has its own policies, integrations, reporting needs, and people.
Organizations
Each Group will have Organizations. Access to scan results is typically at the Organization level, so if you have access to an Organization, your role-based access is set the same way for the entire Organization. Reports can be rolled up at the Organization or Group level.
Targets and Projects
Once integrations are configured at the Organization level, Targets for scanning can be specified in a number of ways (UI, API, or monitored from an integration or CLI).
As an example, you may configure GitHub at the Organization level and then, in the web interface, import a repository named "JuiceShop" as a Target for code repository scanning. Within that Target, various Projects may be created, such as one representing the open-source manifest file (package.json) or a Code Analysis Project, each with its related security findings.
Plan considerations
Snyk Enterprise plan customers will have the full structure. Snyk Free and Team plan customers will be entitled to a single Organization.
Walkthrough of this structure within the Snyk interface
Video: 6m40s
Organization Structure
Snyk customers commonly structure their Organizations by Git organization structure, team, by application, or by product. When defining your Organization structure, consider how your Projects are organized, as well as who needs access to Projects within each Organization.
It's worth noting that in most cases, you will import Projects to a Target within a single Organization, to avoid duplication.
To ensure the best experience using Snyk with large numbers of Organizations and Projects, consider several guidelines when you are making decisions about your Tenant's Groups, Organizations, Projects, and Users.
Groups
Groups can hold many Organizations and Group members. We recommend limiting your account to one Group. A small number of Snyk customers have more than one Group, when required for specific reasons (like wanting to keep different business units completely separate). However, anyone considering multiple Groups needs to understand the restrictions of setting up their account in that way.
Each Group is a standalone entity. This means:
- The functionality for Groups is not tied together (at this time)
- Users, Projects, and Organizations cannot be shared among Groups
- SSO is more difficult to manage across multiple Groups
- Service accounts cannot span multiple Groups
- There is no cross-Group issue level reporting (with the exception of Snyk AppRisk Pro's analytics)
- For Snyk AppRisk Pro, related items need to be tagged and in the same Group
Getting data for multiple Groups via the API requires multiple calls. If your business case calls for multiple Groups, work with your Account Executive or Technical Success Manager.
Organizations
Using either the Snyk web app or the API, you can create a large number of Organizations within your Group. The Snyk platform scales well to thousands of Organizations within a Group. However, some aspects of the UI can become challenging to manage at this scale, and some older V1 APIs used to manage at scale may struggle. The largest challenge is managing user access in a minimally permissive way. You can grant roles to users independently on an Organization-by-Organization basis. The scale of this task, and the risk of misconfiguration, grows with the number of Organizations, so we advise not creating more Organizations than necessary.
Projects
You can import a large number of Projects to your Organizations. While there is no limit to the overall number of Projects across all Organizations in a Group, depending on the type of plan you have with Snyk, there is a limit on the number of Projects you can have in a single Organization. Refer to the Maximum number of projects in an organization article in our Docs. To avoid reaching your capacity, you can create more Organizations and split your Projects across them for a better Organization structure.
We recommend limiting each Organization to no more than 10,000 Projects, and we do not allow more than 25,000 Projects per Organization. If you need more than 10,000 Projects in a single Organization, consider how a large number of Projects affects the experience, with slower performance in the UI for listing Projects, notifications, the Dashboard, and the Usage page. Deleted Projects cannot be recovered.
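A planning aid for the guidance above, added here as an example and not Snyk's own code: it keeps each Target whole in one Organization, keeps teams in separate Organizations so access can be granted per Organization, and splits a team only when it would pass the recommended 10,000 Projects. The inventory, team names, and Organization naming scheme are constructed assumptions, and no Snyk API is called.

```python
from collections import defaultdict

RECOMMENDED_MAX = 10_000  # recommended Projects per Organization (from the page)
HARD_MAX = 25_000         # Projects per Organization that is not allowed to be exceeded

# Constructed sample inventory: (team, target, project_count). Names are hypothetical.
INVENTORY = [
    ("payments", "payments/monorepo", 7_200),
    ("payments", "payments/gateway", 3_900),
    ("payments", "payments/ledger", 2_500),
    ("storefront", "storefront/web", 1_100),
    ("platform", "platform/generated-services", 26_000),
    ("platform", "platform/infra", 12_000),
]

def plan_organizations(inventory):
    """Return (plan, rejected): Organization -> [(target, count)], and Targets over HARD_MAX."""
    by_team, rejected = defaultdict(list), []
    for team, target, count in inventory:
        if count > HARD_MAX:
            rejected.append((team, target, count))  # cannot fit in any single Organization
        else:
            by_team[team].append((target, count))
    plan = {}
    for team, targets in sorted(by_team.items()):
        bins = []  # each bin is [running_total, [(target, count), ...]]
        # First-fit decreasing: place the largest Targets first, never splitting a Target.
        for target, count in sorted(targets, key=lambda t: -t[1]):
            for b in bins:
                if b[0] + count <= RECOMMENDED_MAX:
                    b[0] += count
                    b[1].append((target, count))
                    break
            else:
                bins.append([count, [(target, count)]])
        for i, (_, members) in enumerate(bins, start=1):
            plan[team if len(bins) == 1 else f"{team}-{i}"] = members
    return plan, rejected

def project_total(plan, org):
    return sum(count for _, count in plan[org])

def over_recommended(plan):
    """Organizations holding one oversized Target: allowed, but expect a slower UI."""
    return sorted(org for org in plan if project_total(plan, org) > RECOMMENDED_MAX)

if __name__ == "__main__":
    print(plan_organizations(INVENTORY))
```

Every extra Organization the plan creates is another place where roles must be granted and reviewed, so a split is only proposed when the recommended limit forces it.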