Tenants
If you have a commercial account, you can act as an aggregator for tenants. A tenant is a team that is not fully independent: It never has its own commercial agreement. Instead, it uses your team's update quota and connected device limits. Also, it may not have its own administrators; it's your choice (based on your agreement with the tenant) whether you set up an administrator user for the tenant.
Tenants:
- Can't see information from or about other tenant accounts or your own aggregator account.
- Have access only to the features your own account has access to. They may also need to sign legal agreements to access some of those features.
- Can use your firmware update service package but can't buy their own.
- Can't view the firmware update package using the REST API or through Portal (because it is derived from your own account, and they cannot view your information).
- Can't see the customer reference and contract reference information you defined for them.
- Can only edit account information, including billing information, if they have admin rights (which you may not have given them).
- Can't also be an aggregator.
- Can only see devices they own. These devices are not visible to the aggregator account (your team) or any other tenant account.
You may choose to be an aggregator if, for example:
- You give other companies access to your IoT services, and you want to keep their billing information separate from one another and from your own team. If you set them up as part of your team, you can't track their individual billing information. (It will appear to be part of yours.) If, however, you set them up as tenants, you can see a breakdown of billing information for each one.
- You manage devices on behalf of someone else and want those devices to be managed through a dedicated account, rather than through the same account that manages your own devices.
The Tenants page shows all the tenants your team can manage. You can search for a team by name.
The available actions are:
- Create a new tenant.
- Export the tenants list (as a CSV file).
- Edit a tenant.
You cannot delete a tenant in Portal. If you need to delete a tenant, contact your account administrator.
Tip: You can perform all team management actions with the Account Management API. You can also log in to your tenant accounts to manage those accounts directly.
Requesting a tenant account
If you want Arm to create a tenant account, please send a request to the Arm sales team with the following information:
- Company name.
- Company address (street, city, country, postal code).
- First and last name of a representative.
- Representative's email.
- Representative's title.
- Representative's phone number.
- Name and contact details of the person who will manage the account from your own company.
Creating a tenant yourself
To create a new tenant:
-
In Team Configuration > Tenants, click New tenant.
The New tenant pop-up opens.
-
Enter a team name.
Team names are used to construct Device Management API request URLs and therefore must meet the requirements listed in the field.
-
Enter an organization name.
This name is for display purposes only, so it does not have to follow the URL rules of the team name. You can use characters other than A-Z in this field.
-
Select a country.
-
Select or enter an industry.
-
You can give the tenant admin access. The user can then access Portal and manage that account, including adding other users. If you do not create an admin, only you and the administrators in your team can manage the account.
If you choose to give the tenant admin access, you will be asked to enter an email for the admin user. If the user already exists, the user will be notified by email that they have access to a new account. If the user doesn’t already exist, the user will be asked to sign up.
Note: If you need to change any security settings for the tenant account (such as enforcing two-factor authentication), please do not create an administrator user now because that user will be able to log in before you make those changes. Instead, create the account, log into it, change its security settings and then invite a new user as an administrator.
-
You can add billing and contact details. Any administrator you set up for the tenant can also set up and edit these details.
If you don’t enter billing information, your own billing information will be copied to the tenant.
-
Click Create.
You are asked to enter your password.
-
The tenant is created. You can see the team name and the autogenerated account ID.
The following emails are sent:
- An invitation email to the new tenant's administrator, if you created one.
- Notifications to other administrators in your team that you created the tenant.
-
Click Done.
The tenant is now in the Tenants list.
Managing existing tenants
Any administrator on your team can log in to the tenant’s team and manage it. Managing a tenant is identical to managing any other team.
You can also edit the tenant’s details from your aggregator team account:
-
In Team Configuration > Tenants, click the tenant’s name.
The Tenant details pane opens.
-
Click Edit.
The Edit tenant pop-up.
-
The editing process is identical to the initial creation process, as explained above.
You cannot change the tenant’s admin user in Portal. If you need to change the admin user, contact your account administrator.
The Tenant details pane has four tabs that do not offer actions:
- Summary: basic account information, including contact details.
- Security: account administrator sets these options; you cannot edit them in Portal.
- Legal agreements: a list of the agreements the tenant has signed. An account administrator sets which agreements a tenant must sign; you cannot request signatures in Portal.
- Attributes: full account information as returned by the API. Not editable.
Managing tenant security
When creating a tenant
When you create a new tenant account, its security settings (IdP, session timeout and password length) are the default settings in Device Management. To change those settings, log in to Portal as that tenant’s administrator (the tenant team appears in your team list when you log in), and edit the team's security or identity provider.
If you need to define security settings for the tenant, please do it before inviting any users, including the admin user.
For existing tenants
The following security-related actions for tenants are only available for account administrator:
- Delete an account.
- Deactivate an account.
- Remove an account’s administrator.
If you have any security concerns regarding a tenant, please contact your account administrator.
Tip: If you want to remove non-administrator users, you can log into the tenant account as an administrator and delete the users.