Organization Policies
Navigation
From the Organizations list, select your organization. In the sidebar, under Settings, click Policies.
Overview
Organization policies are scoped to your organization. Any policy set at the platform level takes precedence and cannot be changed for your organization; policies left unset at the platform level can be configured here.
Each policy has three states controlled by a toggle:
- Enabled — The policy is actively enforced for your organization.
- Disabled — The policy is explicitly turned off for your organization.
- Not Set — The policy inherits the platform default behavior.
Policies
No Root Access
Disable root access to cloud compute resources for all users, including resource owners, in your organization. Defaults to "Enable root access" if no policy is set.
Nitro Instance Types Only
Restrict compute resources to AWS Nitro instance types only, in your organization. Defaults to "Allow all AWS instance types" if no policy is set.
No Public IP Addresses
Prevent users in your organization from provisioning standalone public IP addresses. Defaults to "Allow public IP addresses" if no policy is set.
When enabled, requests to provision a standalone public IP address are rejected.
Archive Cost Data
Automatically summarize and then archive cost data after a specified number of months to optimize database performance. This will not delete any data, it will only summarize older data.
Enforce Security Key MFA
Feature Preview
This policy is feature-flagged and may not be visible in your organization.
Require all users in your organization to set up and use a hardware security key (such as a YubiKey) for multi-factor authentication when logging in with a password. Users without a registered security key will be prompted to register one before accessing the platform.
Users signing in through an OpenID Connect provider with Skip Platform MFA Verification enabled are not affected by this policy; their identity provider is trusted to perform multi-factor authentication.