For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/getting_started/access_for_enterprises/choosing_topology.md. A documentation index is available at /llms.txt.

Choosing Your Datadog Topology

Overview

The first decision in your access strategy is how many Datadog organizations your enterprise needs. This decision affects everything downstream: how you define roles, restrict data, share dashboards, and manage identity. Getting it right up front avoids costly migrations later.

Start with a single org

Datadog recommends a single organization where possible. A single org maximizes the power of connected observability workflows. Traces link to logs, logs link to infrastructure, and dashboards can span your entire estate. Datadog’s access controls (including Data Access Control, granular access controls, and custom roles) provide enterprise-grade data segregation within a single org, even in regulated industries.

Evaluate segmentation before splitting orgs

Instead of adding multiple organizations, ask whether Teams and Data Access Control can provide the isolation you need within a single org. You can operate dozens of internal business units, agencies, or subsidiaries within a small number of orgs, using Data Access Control to restrict data visibility and granular access controls to protect resources. This approach preserves cross-cutting observability while still maintaining strict boundaries.

The key question is: Do these groups need to share any operational context? If teams trace requests across each other’s services, share infrastructure, or participate in the same incidents, a single org with strong internal segmentation is the better path.

When multiple orgs are appropriate

There are some cases where multiple organizations are justified:

  • Separate companies or acquisitions that do not share infrastructure, services, or personnel. If there is no shared operational context, a shared org provides little value.
  • Hard compliance boundaries requiring complete data isolation between divisions. For example, a defense division whose standard metrics and infrastructure must be invisible to commercial users, even at the metadata level.
  • Distinct billing or contractual requirements where usage must be tracked and invoiced independently.

You can also use multiple orgs as a workaround when within-org access controls don’t yet cover all products. As Datadog’s access controls expand, you can consolidate orgs over time.

Recommendations

  • Default to a single org. Use Teams and Data Access Control for internal segmentation. Only create additional orgs when there is a clear isolation requirement that cannot be met within a single org.
  • Evaluate the isolation question honestly. If the answer to “Do these groups share any services, infrastructure, or operational context?” is yes, they likely belong in the same org.
  • Plan for consolidation. If you have orgs that were created as workarounds for access control limitations, revisit whether they’re still needed as Datadog’s within-org controls expand.
  • Org migrations have limitations. If you choose to migrate your org setups in the future, it is possible to move configurations and assets like dashboards and monitors, but not historical telemetry data.

For a detailed comparison of single-org and multi-org architectures, including access control models and decision criteria, see Organization Topology.

Further reading

Additional helpful documentation, links, and articles:

Organization TopologyDOCUMENTATION more more Multi-Organization Account ManagementDOCUMENTATION more more Data Access ControlDOCUMENTATION more more Getting Started with TeamsDOCUMENTATION more more