Mistake on this page? Email us


If you have a commercial account, you can act as an aggregator for tenants.

Tip: See Choosing your account type for more information about the other benefits of commercial accounts and how to upgrade a free account to a commercial account.

A tenant can be your customer or an internal organizational business unit. The tenant has its own account, securing data inside, but it uses the parent accounts quota and limits.

By default, the aggregator account admin user that creates the tenant team is also an admin user in the tenant account. You can choose to give admin rights to a tenant team user so the aggregator account does not need to access to the tenant account.


  • Can only access their own account information.

    • Tenants can't access information related to other tenant accounts or the aggregator account.
    • Tenants can't see the customer reference and contract reference information you define for them.
    • Tenants can only see devices they own. These devices are not visible to any other tenant account or the aggregator account.
  • Can only edit account information if they have admin rights (which you can choose to give them).

  • Have access only to the features the parent account has access to.

  • Can't also be aggregators.

  • Get their own billing report, which contains only the usage of the tenant team. The aggregator account gets an aggregated billing report as well as tenant-specific reports.

You may choose to be an aggregator if, for example:

  • You have multiple business units to manage and you want to track their individual billing information. Setting individual business units up as tenants allows you to see a breakdown of billing information by business unit.
  • You provide a service where your customers have their own dedicated application instances or devices, and you want to separate the data handling by account.

Creating a tenant account

In Portal: Creating a tenant account

To create a new tenant:

  1. In Team Configuration > Tenants, click New tenant.

    The New tenant pop-up opens.

  2. Enter a team name.

    Team names are used to construct Device Management API request URLs and therefore must meet the requirements listed in the field.

  3. Enter an organization name.

    This name is for display purposes only, so it does not have to follow the URL rules of the team name. You can use characters other than A-Z in this field.

  4. Select a country.

  5. Select or enter an industry.

  6. You can give the tenant admin access. The user can then access Portal and manage that account, including adding other users. If you do not create an admin, only you and the administrators in your team can manage the account.

    If you choose to give the tenant admin access, you will be asked to enter an email for the admin user. If the user already exists, the user will be notified by email that they have access to a new account. If the user doesn’t already exist, the user will be asked to sign up.

    Note: If you need to change any security settings for the tenant account (such as enforcing two-factor authentication), please do not create an administrator user now because that user will be able to log in before you make those changes. Instead, create the account, log into it, change its security settings and then invite a new user as an administrator.

  7. You can add billing and contact details. Any administrator you set up for the tenant can also set up and edit these details.

    If you don’t enter billing information, your own billing information will be copied to the tenant.

  8. Click Create.

    You are asked to enter your password.

  9. The tenant is created. You can see the team name and the autogenerated account ID.

    The following emails are sent:

    • An invitation email to the new tenant's administrator, if you created one.
    • Notifications to other administrators in your team that you created the tenant.
  10. Click Done.

    The tenant is now in the Tenants list.

Using the API: Creating a tenant account

​To create a tenant account, use the /v3​/accounts POST API.

Managing existing tenants

In Portal: Managing existing tenants

Any administrator on your team can log in to the tenant’s team and manage it. Managing a tenant is identical to managing any other team.

You can also edit the tenant’s details from your aggregator team account:

  1. In Team Configuration > Tenants, click the tenant’s name.

    The Tenant details pane opens.

  2. Click Edit.

    The Edit tenant pop-up.

  3. The editing process is identical to the initial creation process, as explained above.

You cannot change the tenant’s admin user in Portal. If you need to change the admin user, contact your account administrator.

The Tenant details pane has four tabs that do not offer actions:

  • Summary: basic account information, including contact details.
  • Security: account administrator sets these options; you cannot edit them in Portal.
  • Legal agreements: a list of the agreements the tenant has signed. An account administrator sets which agreements a tenant must sign; you cannot request signatures in Portal.
  • Attributes: full account information as returned by the API. Not editable.

Using the API: Managing existing tenants

​Use the various ​/v3​/accounts​ API endpoints to manage tenants, including tenant profile attributes, access keys, applications, entitlement limitations and branding.

Managing tenant security

In Portal: Managing tenant security

When creating a tenant

When you create a new tenant account, its security settings (IdP, session timeout and password length) are the default settings in Device Management. To change those settings, log in to Portal as that tenant’s administrator (the tenant team appears in your team list when you log in), and edit the team's security or identity provider.

If you need to define security settings for the tenant, please do it before inviting any users, including the admin user.

For existing tenants

The following security-related actions for tenants are only available for account administrators:

  • Delete an account.
  • Deactivate an account.
  • Remove an account’s administrator.

If you have any security concerns regarding a tenant, please contact your account administrator.

Tip: To remove non-administrator users, log into the tenant account as an administrator and delete the users.

Using the API: Managing tenant security

​Use the ​/v3​/accounts​/{account_id} ​PUT API to manage minimum password length tenants, session timeout and multi-factor authentication.

Use the ​/v3/accounts/{account_id}/identity-providers POST API to add a new identity provider for the account.

Use the ​/v3​/accounts​/{account_id}​/identity-providers​/{identity_provider_id} ​PUT API to manage an existing identity provider for the account.