Groups and organizations
Organizing your projects and controlling access
Plan account structure
The way you structure your account determines other factors of your Snyk roll out. So it’s important to consider how you want to align the organizations within your account before you start adding them.
If you are using single sign-on, you'll also want a clear picture of how users will access organizations before you add users.
As a good practice, plan to align your organizations with how you want to allow permissions and access to projects. The way you set policies are the next order of consideration. And how you want to report on projects are the third most important consideration.
Overview of Snyk account structure
The hierarchy for your Snyk account includes a group at the highest level, organizations within that group, and projects within those organizations. Consider the hierarchy, as well as who needs access to specific projects, when determining how to align your Snyk organizations with your project structure.
Snyk customers commonly structure their organizations by team, by application, by environment, or by product. When defining your organization structure, consider how your projects are organized, as well as who needs access to projects within each organization.
To ensure the best experience using Snyk with large numbers of organizations and projects, there are several guidelines to consider when making decisions about your groups, organizations, projects, and users.
Snyk is actively working on improving these performance issues.
Groups can hold many organizations and group members. We recommend limiting your account to 1 group. A small number of Snyk customers have more than 1 group, when required for specific reasons (like wanting to keep different business units completely separate). However, anyone considering multiple groups needs to understand the limitations of setting up their account in that way.
Each group is a stand alone entity. This means:
- the functionality for groups is not tied together at this time
- there is no cross-group reporting
- users, projects, and organizations cannot be shared between groups
- SSO is more difficult to manage across multiple groups
- service accounts cannot span multiple groups
Getting data for multiple groups via the API requires multiple calls. If your business case calls for multiple groups, work with your Account Executive or Technical Success Manager.
Using either the Snyk web app or the API, you can create a large number of organizations within your group. However, if you have more than 2000 organizations in your group, you begin to risk performance issues. When the application must load a high number of entities, this means:
- performance is slowed for group administrators and group-level notifications
- group-level service account creation may fail
You can import a large number of projects to your organizations.
We recommend limiting each organization to no more than 10,000 projects, and we do not allow more than 25,000 projects per organization.
If you’ll need more than 10,000 projects, consider how a large number of projects affects the experience with slower performance for listing projects, notifications, the Dashboard, and the Usage page. Deleted projects cannot be recovered.
While there is no limit to the overall number of projects across all organizations in a group, depending on the type of plan you have with Snyk, there is a limit on the number of projects you can have in a single organization. Refer to the Maximum number of projects in an organization article in our Docs. To avoid reaching your capacity, you can create more organizations and split your projects across them for a better organization structure.
You can have a large number of users in your organizations and groups.
We recommend structuring your organizations so that there are not more than 2,000 users per organization.
If you have more than 2,000 users in an organization, you begin to risk performance issues. When the application must load a high number of users, this means performance is slowed for the dashboard and the group members management page.
If users have a number of memberships in a given group, all requests (in the Snyk web app, via the API, or in the CLI) are slowed as calculations and queries occur on most requests to check access and permissions.
Congrats! You now know all about groups and organizations and are ready to plan your organizational structure.