Register Your Organization
Overview
In this tutorial, you'll learn how to register your organization on the RosettaHub Supercloud platform. Once registered, RosettaHub manages your cloud accounts (AWS, Azure, GCP) so that you can mass-onboard members, each receiving their own sandboxed cloud account with fine-grained budget controls, permissions, and resource limits.
Putting your root cloud accounts under RosettaHub management enables:
- Automated member onboarding -- each member gets a dedicated cloud account (AWS sub-account, Azure resource group, or GCP project)
- Budget enforcement -- per-user budgets with automatic policy enforcement when limits are exceeded
- Centralized governance -- permissions, regions, and resource limits managed from a single dashboard
Prerequisites
- [ ] Organization manager or administrator role at your institution
- [ ] At least one cloud provider account (AWS, Azure, or GCP) owned by your organization
- [ ] Access to cloud provider admin consoles to configure IAM roles or permissions
- [ ] Cloud provider-specific prerequisites completed (see below)
Steps
Step 1: Begin the Registration
Navigate to the organization registration page at https://www.rosettahub.com/registration/institution.xhtml and fill in the registration form with your organization's details.
You will need to provide:
- Organization name
- Administrator contact information
- Cloud provider(s) you intend to use
Step 2: Prepare Your Cloud Provider Accounts
Before RosettaHub can manage your cloud accounts, you must grant the appropriate access on each cloud provider you plan to use. Follow the instructions for your provider(s) below.
Option A: AWS Setup
To connect your AWS account, your organization must:
- Own an AWS account that will serve as the root account
- Create an IAM role granting RosettaHub minimal permissions for:
- Billing and cost monitoring
- Resource monitoring
- Managing permissions through AWS Organizations Service Control Policies (SCPs)
Optional: Federated Console Access
The IAM role may also be configured to create admin-access roles on sub-accounts for federated console access. This allows your members to access the AWS Console directly through RosettaHub.
Budget Enforcement via SCPs
If a user exceeds their allocated budget, RosettaHub applies a Service Control Policy (SCP) that blocks resource-creating actions. The user retains read-only access and can delete existing resources, but cannot launch new ones until the budget is replenished.
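To make the intended behaviour concrete, here is an added example (not RosettaHub's own policy or code) that checks a deny-style SCP against the three properties described above: creation blocked, reads allowed, deletes allowed. The SCP documents and action lists are constructed for illustration, and the matcher only evaluates `Effect` and `Action` with wildcards; it ignores `NotAction`, `Resource` and `Condition`.

```python
import fnmatch

# Constructed SCP for illustration; the action list is an assumption,
# not RosettaHub's actual policy.
BUDGET_EXCEEDED_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyResourceCreation",
        "Effect": "Deny",
        "Action": ["ec2:RunInstances", "ec2:Create*", "rds:Create*",
                   "s3:CreateBucket", "lambda:CreateFunction"],
        "Resource": "*",
    }],
}
# Failure mode: a service-wide deny also removes read and delete access.
OVERBROAD_SCP = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Deny", "Action": "ec2:*", "Resource": "*"},
}
MUST_BLOCK = ["ec2:RunInstances", "ec2:CreateVolume",
              "rds:CreateDBInstance", "s3:CreateBucket"]
MUST_ALLOW = ["ec2:DescribeInstances", "ec2:TerminateInstances",
              "s3:DeleteBucket", "rds:DeleteDBInstance"]

def _as_list(value):
    # SCP JSON allows a single object/string where a list is also valid.
    return value if isinstance(value, list) else [value]

def is_denied(scp, action):
    """True if any Deny statement's Action pattern matches the action name."""
    action = action.lower()  # IAM action names are case-insensitive
    for stmt in _as_list(scp["Statement"]):
        if stmt.get("Effect") != "Deny":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            if fnmatch.fnmatchcase(action, pattern.lower()):
                return True
    return False

def check_budget_scp(scp, must_block, must_allow):
    """Return (not_blocked, wrongly_blocked) action lists for the SCP."""
    not_blocked = [a for a in must_block if not is_denied(scp, a)]
    wrongly_blocked = [a for a in must_allow if is_denied(scp, a)]
    return not_blocked, wrongly_blocked

if __name__ == "__main__":
    print(check_budget_scp(BUDGET_EXCEEDED_SCP, MUST_BLOCK, MUST_ALLOW))
    print(check_budget_scp(OVERBROAD_SCP, MUST_BLOCK, MUST_ALLOW))
```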
Optional advanced configuration:
- The IAM role on the root account can assume admin-privilege roles on sub-accounts for additional resource management capabilities
Option B: Azure Setup
To connect your Azure account, your organization must:
- Own an Azure subscription that will serve as the root subscription
- Grant RosettaHub access to manage resource groups within that subscription
Option C: GCP Setup
To connect your GCP account, your organization must complete several steps:
1. Own a GCP account
Ensure your organization has an active GCP account.
2. Create a Google Cloud Organization
If you do not already have a Cloud Organization, create one within Google Workspace (GSuite):
- Visit https://gsuite.google.com/signup/gcpidentity/welcome to set up your Cloud Identity
3. Request a GCP project quota increase (new accounts only)
New GCP accounts have a low default limit on the number of projects. Since RosettaHub creates a dedicated project for each member, you should request a quota increase:
- Submit a quota increase request at https://support.google.com/code/contact/billing_quota_increase
4. Grant RosettaHub access to your GCP folder
Run the following gcloud commands to give RosettaHub the necessary permissions on your folder. Replace folder_id with your GCP folder ID and rh-email with the RosettaHub service email provided during registration:
```bash
gcloud resource-manager folders add-iam-policy-binding folder_id \
    --member="user:rh-email" \
    --role="roles/owner"
gcloud resource-manager folders add-iam-policy-binding folder_id \
    --member="user:rh-email" \
    --role="roles/resourcemanager.projectCreator"
gcloud resource-manager folders add-iam-policy-binding folder_id \
    --member="user:rh-email" \
    --role="roles/resourcemanager.projectDeleter"
gcloud resource-manager folders add-iam-policy-binding folder_id \
    --member="user:rh-email" \
    --role="roles/resourcemanager.folderAdmin"
```
Warning
Double-check the folder_id and rh-email values before executing these commands. Incorrect values may grant permissions to the wrong principal or on the wrong folder.
5. (Optional) Configure region management
If you want to restrict users to specific regions, grant additional organization-level permissions. Replace project_id with your GCP project ID and org_id with your organization ID:
```bash
gcloud organizations add-iam-policy-binding org_id \
    --member="serviceAccount:administrator@project_id.iam.gserviceaccount.com" \
    --role="roles/orgpolicy.policyAdmin"
gcloud organizations add-iam-policy-binding org_id \
    --member="user:rh-email" \
    --role="roles/orgpolicy.policyAdmin"
```
Single-Region Enforcement
To restrict all users to a single region, enforce an organization policy at the folder level and communicate the chosen region to RosettaHub during setup. This ensures all member projects are constrained to that region.
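After running the folder bindings in step 4, it is worth confirming they landed on the intended principal, since a mistyped email creates a binding for someone else. The following added example (not part of the RosettaHub documentation) audits the JSON printed by `gcloud resource-manager folders get-iam-policy folder_id --format=json`; the sample policy, email addresses and the `known_members` parameter are constructed for illustration.

```python
import json

# Roles that step 4 grants to the RosettaHub principal on the folder.
EXPECTED_ROLES = {
    "roles/owner",
    "roles/resourcemanager.projectCreator",
    "roles/resourcemanager.projectDeleter",
    "roles/resourcemanager.folderAdmin",
}

def audit_folder_policy(policy_json, rh_member, known_members=()):
    """Return (missing_roles, unexpected) for a folder IAM policy.

    missing_roles: step-4 roles not bound to rh_member.
    unexpected: (role, member) pairs where a step-4 role is held by a
    principal that is neither rh_member nor listed in known_members.
    """
    policy = json.loads(policy_json)
    allowed = {rh_member, *known_members}
    held, unexpected = set(), []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in EXPECTED_ROLES:
            continue  # roles outside step 4 are not audited here
        for member in binding.get("members", []):
            if member == rh_member:
                held.add(role)
            elif member not in allowed:
                unexpected.append((role, member))
    return sorted(EXPECTED_ROLES - held), sorted(unexpected)

# Constructed sample policy: projectDeleter was granted to a mistyped address.
RH = "user:rh-service@example.com"
SAMPLE_POLICY = json.dumps({"version": 1, "bindings": [
    {"role": "roles/owner", "members": [RH, "user:admin@example.org"]},
    {"role": "roles/resourcemanager.projectCreator", "members": [RH]},
    {"role": "roles/resourcemanager.projectDeleter",
     "members": ["user:rh-servce@example.com"]},
    {"role": "roles/resourcemanager.folderAdmin", "members": [RH]},
    {"role": "roles/viewer", "members": ["group:auditors@example.org"]},
]})

if __name__ == "__main__":
    missing, unexpected = audit_folder_policy(
        SAMPLE_POLICY, RH, known_members=["user:admin@example.org"])
    print("missing roles:", missing)
    print("unexpected holders:", unexpected)
```

An unexpected holder found this way can be removed with `gcloud resource-manager folders remove-iam-policy-binding` before re-running the correct grant.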
Step 3: Submit and Await Approval
After completing the registration form and preparing your cloud provider accounts:
- Submit the registration form
- The RosettaHub team will review your application and verify the cloud provider access
- You will receive confirmation once your organization is activated
Step 4: Verify Your Organization
Once approved, log in to the RosettaHub dashboard and verify:
- Your organization appears in the Organizations panel
- Your root cloud account(s) are connected and visible in the Cloud Accounts panel
- You have manager-level access (ADMIN or SUPERUSER role)
Next Steps
- Register Users via Form -- Add individual members to your organization
- Register Users in Batch Mode -- Onboard many users at once using Excel templates
- Organizations Guide -- Learn about hierarchical governance in Cloud Operations
- Cloud Accounts Guide -- Manage connected cloud accounts
- Users Guide -- Manage organization members
Troubleshooting
My IAM role creation fails on AWS
Ensure that:
- You have administrator access to the AWS root account
- AWS Organizations is enabled on the account
- The IAM role policy matches the minimal permissions template provided by RosettaHub
GCP project quota increase is not approved
GCP quota increases for new accounts can take 24-48 hours. If your request is denied:
- Verify your billing account is in good standing
- Provide additional context about your organization's use case in the request
- Contact GCP support for assistance
How long does organization approval take?
RosettaHub typically reviews and processes organization registrations within 1-2 business days. You will receive an email notification once your organization is activated.
Can I connect multiple cloud providers?
Yes. You can connect AWS, Azure, and GCP accounts to the same organization. Each member can receive cloud accounts on one or more providers depending on your configuration.