Understanding tenants

A tenant is a container for objects within GAP (including other tenants, devices, users, groups, check-in schedules, roles, etc.). Tenants are a mechanism for segmenting access and delegating administration to your customers, departments and teams.

Let’s use an example to illustrate how you might use tenants.

Rent-a-fone are a satellite phone rental company with a number of different customers to whom they rent satellite phones. They rent out hundreds of satellite phones per year and need to be able to grant access to GAP to their customers, ensuring that those customers can only see their own handsets.

Rent-a-fone will have their own tenant on GAP – which we’ll call the "top level tenant".

We recommend that Rent-a-fone creates one tenant per customer as shown below:

When Acme Haulage Ltd want to rent a new satellite phone (300001234567890), Rent-a-fone’s provisioning team would create the new device in GAP, selecting the "Acme Haulage Ltd" tenant from the "Add new device" pane.

By creating the new device in the Acme Haulage Ltd sub-tenant, they are restricting access to that device only to users in that tenant. Users in the "Great Expeditions LLC" and "ABC Holidays PLC" tenants won’t have access to this device. So, continuing the example above, users Robert Williams, Ellie Simons, Bob Smith and Julie Brown won’t have access to this device because it’s in a different tenant.

An exception to this rule are administrator accounts in tenants higher up the hierarchy. Administrators have access to all objects in their own tenant and any sub-tenants. Continuing the above example, user Ali Khan in the Rent-a-fone tenant would have access to the new device as he is an administrator in a tenant higher up the hierarchy (whereas Jerry King is not and so would not have access).

It’s also possible to create many levels of sub-tenants. So, if "Acme Haulage Ltd" has offices in three countries and all need to manage their own devices, Rent-a-fone (or Acme Haulage) could create additional sub-tenants to support their organisational structure:

In general, we recommend keeping your tenant structure as simple as possible. You may also wish to consider if groups can help meet your access requirements (this is particularly applicable to small teams and departments where creating a new tenant create an unnecessarily administrative burden).

Devices are not the only objects that are created in specific tenants (and are thus subject to the same access rules detailed above):

We strongly recommend taking time to consider what tenant structure will best suit your requirements before creating devices, users and other objects in GAP. This is because, once a tenant structure is established, it is difficult to change without loss of data.