Organizations
The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
Takumi byGMO is delivered as a set of features inside Shisho Cloud byGMO, and every Takumi capability is managed at the Shisho Cloud organization level. This page covers what an organization is in Shisho Cloud and the basic operations you can perform on one.
What is an Organization?
A Shisho Cloud byGMO organization is what most SaaS products call a "tenant" — an isolated workspace that bundles together the resources, members, permissions, and billing that Takumi byGMO handles for you.
Concretely, each organization holds:
- A unique organization ID assigned at creation time.
- Members (users) belonging to the organization. A single user can belong to multiple organizations at the same time.
- Roles controlling what each member can do. See Roles and Permissions for the Takumi-related roles.
- Base subscription (plus any additional credits and paid Guard tokens) — see Subscribing to a Plan.
- Resources scoped to the organization: connected GitHub repositories and Slack workspaces, assessment targets, assessment results, credit balance, billing details, and so on.
All Takumi byGMO features (Assessment, Runner, Guard) are enabled, billed, and audited per organization. Across different organizations, these settings and usage are fully isolated.
Creating an organization
You can create an organization from the sign-up page at the same time as registering your user. If you already have an account, you can also add organizations from the organization switcher in the top-right of the console.
Choose the organization ID carefully:
- Previously used organization IDs cannot be reused. Once an ID has been issued — including IDs from deleted or frozen organizations — no other organization can use it again.
- The organization ID is exposed as part of URLs (for example,
https://cloud.shisho.dev/[your-id]/). Avoid putting confidential information into the ID — internal project code names, customer names, sensitive deal names, and similar details should stay out of it.
Deleting an organization
A user with the organization/owner role can delete an organization from the Shisho Cloud console. Deletion is permanent. If a subscription is active, it is cancelled as part of the deletion.
Deleting an organization removes every assessment result, credit balance, and configuration scoped to it. Export anything you want to keep — for example, PDF reports — before deleting.
Users who only use Takumi are typically granted up to the organization/takumi_manager role. The organization/owner role is usually not granted, so deleting a Takumi-only organization is generally not possible from the console — please request the deletion via Support instead.
For the full role hierarchy, see Roles and Permissions.
A deleted organization cannot be restored. If you delete one by mistake, you have to create a fresh organization.
Contact for organization-related requests
For requests that cannot be completed in the console — for example, deleting or restoring an organization, or enabling SSO for a role — reach us via Support.
Tips: How many Shisho Cloud organizations does your company need?
In practice, one Shisho Cloud organization is usually enough for a single company. Running multiple organizations under the same company causes friction:
- External integrations cannot be duplicated: Slack workspaces and GitHub App installations can only be linked to a single Shisho Cloud organization at a time. This is by design: it prevents a previously linked Slack workspace or GitHub App from being reused (or abused) by a different organization. The same Slack workspace cannot be split across two Shisho Cloud organizations.
- Subscriptions get fragmented: The base subscription is contracted and billed per organization. Operating multiple organizations inside one company means maintaining multiple separate contracts, payments, and invoices.
- Members and permissions become harder to manage: Although a user can belong to multiple organizations, roles and assessment targets are managed independently per organization, so the management overhead grows with the number of organizations.
If you are managing a group of companies or a consolidated corporate group, decide the number of organizations based on whether data should be isolated between those legal entities. Useful angles:
- Whether the member list (who can access what) should be fully separate per entity.
- Whether linked GitHub repositories, source code, and other data should stay isolated per entity.
- Whether each entity needs its own billing and invoicing.
Create a separate Shisho Cloud organization for each unit where you decide isolation is necessary. Some groups consolidate into a single organization; others split per subsidiary — both patterns work.