In certain cases, an organization administrator may wish to split an existing organization into one or more child organizations. In such circumstances, a customer must engage Cisco Meraki Support via the dashboard and open an email case to arrange for an organization split. This document is intended to provide an overview of what an organization split operation entails, the limitations of the operation, and associated frequently asked questions.
Organization Splits - What, Why, When
Any organization-level administrator with Full privileges can request an organization split. This could be for ease of administration, the transfer of equipment to another branch of the customer's business, the break-up of a managed service provider (MSP), or other use cases where the separation of equipment and licensing may be desirable. No other type of administrator is authorized to request this operation or able to initiate the organization split process.
The organization split process itself migrates one or more networks and their associated devices to a new, separate organization. This process does not allow for the migration of networks between two existing organizations, but allows for a minimal-downtime shift of configured networks from one organization to another.
It is important to take note of the section below regarding the limitations of the operation and the special considerations of splitting a dashboard organization into different logical entities. For additional information, please see the section in this document titled "What is the impact on device operation during/after an organization split?".
Limitations of Organization Splits
Certain Meraki dashboard configuration items are bound to the original organization and cannot be migrated as part of an organization split. The following cannot be split from the original organization to the new organization:
- Systems Manager networks
- Wireless networks that have ever used billing on any configured SSIDs - this can be verified by determining if Wireless > Configure > Billing payout exists in the network; if this page exists, the network is not eligible for splitting
- Configuration templates
- Networks bound to configuration templates
- The Users list of each network, located under Network-wide > Configure > Users
- Networks using Track by Unique client identifier cannot be split. If it is desired to include these networks as part of an Org split, the Client tracking method must first be modified.
- Any pending action batches will not be copied to the new organization and pending action batches involving networks split into the new organization will likely fail.
Note: If Meraki Cloud authentication is used for Client VPN or SSID authorization, the Users list must be re-populated in the new organization after the split is complete for authentication to continue working. Verify the configuration for Client VPN under Security & SD-WAN > Configure > Client VPN and any SSIDs under Wireless > Configure > Access Control.
Initiating an Organization Split
Organization-level administrators with Full privileges may initiate an organization split by opening an email case via the Meraki dashboard of the original organization. Navigate to Help > Get help in the top-right of the screen, then select the Still need help? link at the bottom of the page. From there, choose Submit an email case and fill out the form, being sure to include the following information:
- Include "Organization Split Request" in the Subject field
- A listing of the networks to be split into the new organization
- A name for the new organization
- A list of organization administrators to be copied into the new organization - at least one must be copied for the split to occur; all relevant network administrators and network owners will be migrated over automatically, assuming their corresponding network is moved
- A list of licenses to be moved to the new organization
A response to the request will be returned by Meraki Support within 24 hours, and the specialist handling the case will work with the requester from that point to confirm the request's legitimacy and verify that all the required information is correct prior to the split.
Once plans are solidified, the split will be completed the next available business day. If the org split must be completed at a specific time to account for potential downtime, please call Cisco Meraki Support at the desired time. Org splits cannot be scheduled ahead of time.
Note: Each organization created by a split will have its own license expiration date and will need to be renewed separately. Please see the section below titled "How is licensing handled for the organizations after the organization split?" for additional information.
Frequently Asked Questions
What is the impact on device operation during/after an organization split?
There is minimal downtime during an organization split, as devices are moved with their corresponding networks when being split. This allows the split to take place without any loss of device-specific configuration. Please note there may be a momentary disruption in operation during the split itself. Requests to have a split done at a specific time will be handled on a best-effort basis, but may not be accommodated.
Auto VPN is currently available only between Meraki security appliances in the same dashboard organization. If a network with a Meraki MX appliance acting as an Auto VPN peer is moved to the new organization and the device must maintain its connection to devices in the organization it was split from, it will need to be reconfigured as a third-party VPN peer as outlined in the article Configuring Site-to-site VPN between MX Appliances in Different Organizations.
There can be unexpected downtime if networks are moved to one organization that networks in the other rely on, e.g. moving a Meraki MX security appliance network to a new organization while it is configured as a VPN concentrator for a Meraki MR access point network in the original organization. Plan accordingly when requesting an organization split to ensure all dependencies are accounted for.
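The limitations listed earlier and the cross-organization dependencies described above can be checked before the email case is opened. The following is an added example, not Meraki tooling: the inventory records and every field name in it (boundToTemplate, hasBillingPage, clientTracking, vpnConcentratorNetwork) are constructed assumptions that an administrator would fill in by hand from the dashboard pages named in this article.

```python
# Added example: pre-flight check for an organization split request.
# All records and field names below are constructed for illustration; an
# administrator would fill them in from the dashboard pages named in this article.
NETWORKS = [
    {"name": "HQ-MX", "productTypes": ["appliance"]},
    {"name": "Branch-MR", "productTypes": ["wireless"],
     "vpnConcentratorNetwork": "HQ-MX"},
    {"name": "Guest-WiFi", "productTypes": ["wireless"], "hasBillingPage": True},
    {"name": "Store-12", "productTypes": ["appliance"], "boundToTemplate": True},
    {"name": "Kiosk-Lab", "productTypes": ["wireless"],
     "clientTracking": "Unique client identifier"},
    {"name": "MDM", "productTypes": ["systemsManager"]},
]


def ineligible_reasons(net):
    """Return the limitations from this article that block splitting `net`."""
    reasons = []
    if "systemsManager" in net["productTypes"]:
        reasons.append("Systems Manager network")
    if net.get("boundToTemplate"):
        reasons.append("bound to a configuration template")
    if net.get("hasBillingPage"):
        reasons.append("Billing payout page exists")
    if net.get("clientTracking") == "Unique client identifier":
        reasons.append("tracks clients by Unique client identifier")
    return reasons


def preflight(networks, requested):
    """Check a requested split list against the inventory."""
    by_name = {n["name"]: n for n in networks}
    split = set(requested)
    unknown = sorted(split - by_name.keys())  # requested but not in inventory
    blocked = {}
    for name in sorted(split & by_name.keys()):
        reasons = ineligible_reasons(by_name[name])
        if reasons:
            blocked[name] = reasons
    # A dependency is severed when exactly one end of it moves.
    severed = sorted(
        (n["name"], n["vpnConcentratorNetwork"])
        for n in networks
        if n.get("vpnConcentratorNetwork")
        and (n["name"] in split) != (n["vpnConcentratorNetwork"] in split)
    )
    return {"unknown": unknown, "blocked": blocked, "severed": severed}


if __name__ == "__main__":
    print(preflight(NETWORKS, ["HQ-MX", "Guest-WiFi", "Store-12", "MDM", "Lab"]))
```

A non-empty "severed" list means a network on one side of the split relies on a concentrator on the other side, which is the unexpected-downtime case described above.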
What isn't copied between the original and new organizations?
The most significant restriction on an organization split is that, under Meraki security policy, we do not copy information into existing organizations. The split operation does NOT move licenses from one organization into another, and cannot be used to move devices from the original organization into an already established organization - only into the new organization(s) created during the split itself.
In addition, by default, the recorded video in Meraki MV smart camera networks will be lost if they are migrated to a new organization. To keep this footage, inform Support that the video needs to be retained for the camera network(s) being migrated to the new organization. Note that no historical data will be transferred for the network(s) being moved; this includes event log and changelog entries for a network and the devices it contains.
Can an organization split be reversed?
No; after the operation is completed, the organizations are considered two distinct logical entities. Both organizations will exist independently of each other and cannot be recombined. At this time, there is no operation to merge two or more organizations into a single entity, even if they have never been split.
What happens if a network is left out of the organization split?
In the event that a network is missed during the organization split, the customer will need to correct it manually. A network in the new organization will have to be created, and the devices will need to be removed and unclaimed from the original organization, then claimed and added to the new network in the new organization.
Note: Devices lose their configuration when removed from networks, meaning these manual moves will incur downtime and may require someone on-site to configure devices via their local status page in order to get connected to the Meraki dashboard. Ensure that all required networks are included in the split request to prevent this.
Details on network creation can be found in the article Creating and Deleting Dashboard Networks. For claiming and unclaiming devices from organizations, please refer to the article Using the Organization Inventory. The process of adding and removing devices from networks can be found in the article Adding and Removing Devices from Dashboard Networks.
How is licensing handled for the organizations after the organization split?
Licensing moves between the original and new organizations must be performed by Meraki Support if the organization is using the co-termination licensing model. Administrators for organizations using the PDL model can move licenses on their own provided that they have Full access in both organizations. Ensure that corresponding licenses for all devices in the networks migrated to the new organization are accounted for.
Note that the two organizations will have different license expiration dates under the co-termination model that Meraki employs. For more information about co-termination, please refer to the article The Science Behind Licensing Co-Termination.
Can an organization split be used to split an organization into a new global region?
No. The new organization is created on the same Meraki backend server as the original organization. For regionalization, a new organization would need to be created in the desired global region, as outlined in the article Creating a Dashboard Account and Organization. Note that multiple organizations can be linked together under a single login by using the same username and password when creating a new organization.
How does an organization split impact GDPR compliance for the organizations?
There is no impact on GDPR compliance when an organization split is performed. As stated above, the new organization is created on the same Meraki backend server as the original, meaning that the compliance status of both organizations will be the same as it was prior to the split.