Organizations / services / admin roles
10.2.2.7.2. Organizations, services, and admin roles

In order to create Futurae service accounts to use Airlock 2FA, access to Futurae's admin web interface is required.

To keep security up, it is crucial to understand, how the tool is organized and who has access to what. For this reason, we hereby summarize the most important points of Futurae Support platform - Organization, Services, and Users.

Organizations and services

Access to the Futurae admin web interface is structured around organizations and services:

Organization
An organization represents an organization (such as an IAM customer) and encompasses all services of that organization. Billing and support are also organized on this level.
The organization is created when the Airlock 2FA service is ordered.
An organization has at least one owner.
Service
To use Airlock 2FA, at least one service account in the Futurae cloud service is required.
A service belongs to exactly one organization and roughly has a name, icon, service ID, and API keys plus some settings.
Each Airlock IAM instance connects to one service to provide the Airlock 2FA features.

Admin roles

Access control within the Futurae admin web interface is role-based. The following roles are available and important to understand for security reasons:

Owner
Admins with the role owner own the organization and may access all services including the service credentials. Owners may also invite other users to be admins and assign roles to them.
An admin may be the owner of multiple organizations.
Admin
Admins with the role admin may access selected services as defined by one of the owners: The owners of an organization defines the set of services an admin has access to.
It is recommended to limit access productively used services to as few admins as possible.
Support
Admins with the role support can manage users and tokens of selected services. The owners of an organization define the set of services a support admin has access to.

Security considerations

Admins with roles owner and admin have access to all or a limited set of service account credentials. This is very critical for security (see 10.2.2.7.1. Service accounts).

Carefully select the users that have access to the Futurae admin web interface:

  • Owners have access to all service account credentials and must be chosen with great care.
  • Remove the owner role from unauthorized admins before creating the first productively used service.
  • Admins with access to productively used service accounts must be chosen with great care.
  • Support users with access to productively used service accounts must be chosen with great care.