Step 3: Create an Apigee organization

An Apigee organization (sometimes referred to as an org) is the top-level container in Apigee. It includes all of your environments and environment groups, users, API proxies, and related resources. For more information, see Understanding organizations.

What you're doing in this step

Now that you've enabled the required APIs, you can create an Apigee organization. Remember that the project ID and org name are always the same.

The wizard gives your new organization the same name as your project ID. This ensures that it is globally unique.

Perform the step

Permissions required for this task

You can give the Apigee provisioner a predefined role that includes the permissions needed to complete this task, or give more fine-grained permissions to provide the least privilege necessary. See:

To create a new organization in the Apigee provisioning wizard:

If it is not currently open, open the Apigee provisioning wizard. The wizard returns to the next incomplete install task.
In the wizard, click Edit next to Apigee organization:
The Create an Apigee organization view displays:

From the Analytics hosting region drop-down list, select the physical location where you want your analytics data stored. Valid regions include:

`asia-northeast1`	`asia-south1`	`asia-east1`	`asia-southeast1`
`australia-southeast1`	`us-central1`	`us-east1`	`us-west1`
`asia-southeast2`	`europe-west1`	`europe-west2`

Choose a region that is geographically close or one that satisfies your organization's storage requirements.

Under Runtime database encryption key make the following selections:
1. Choose a Cloud KMS location. The dropdown menu lists two groupings of locations: multi-regional and dual-regional are grouped together, and regional locations are in another grouping. Note that if you select a Regional location, we cannot offer an SLA higher than 99.9%.
  Note: After the organization is created, you cannot change the selected KMS location.
2. Next, choose a customer-managed encryption key. If a key already exists in the KMS location you selected, you can pick it. The wizard lists all keys in the location across all key rings. If a key doesn't exist, or if you don't want to use an existing key, you can create a new key from within the wizard. To create a key:
  1. Click Create key.
  2. Select a key ring, or if one doesn't exist, enable Create key ring and enter a key ring name and pick your key ring location. Key ring names can contain letters, numbers, underscores (_), and hyphens (-). Key rings can't be renamed or deleted.
  3. Click Continue.
  4. Create a key. Enter a name and protection level. Note that key names can contain letters, numbers, underscores (_), and hyphens (-). Keys can't be renamed or deleted. For protection level, Software is a good choice. This is the same default used by Cloud KMS; however, you can change it if you wish.
  5. Click Continue and review your selections.
  6. Click Create.
3. Click Grant to grant the service account permission to encrypt/decrypt with the selected key.
4. Click Create organization.
  Apigee begins the process of creating an organization for your project. The process takes approximately 20 minutes to complete.
  
  Tip: If you get an error during this process, try using your browser's developer tools to view the underlying HTTP response. It may help you understand what caused the error.
  For more information, see Troubleshooting.
  
  When Apigee finishes creating your organization, a check mark appears next to the task and an Edit button appears next to the next task in the wizard.
If you encounter errors during this part of the process, see Troubleshooting.

Progress (3/8 ... Keep going!)

1 2 3 NEXT: Configure service networking 5 6 7 8