Creating Tenants in the MSP Portal

• Introduction

• Using the Add New Tenant Workflow

• Editing the Details of an Existing Tenant

• Blocking/Unblocking a Tenant

Introduction

This chapter describes how to use the MSP portal to create and edit tenants. Before you begin, make sure you have the following information for a prospective tenant:

• The tenant name
• The services required (nZTA and/or ICS), including the maximum potential end-user count required in each case
• The subdomain you want to configure for the tenant, in the form https://<subdomain>.pulsezta.net.
• The username and email address of a tenant administrator. This is the individual who can login to the Tenant Admin Portal and configure the Secure Access Policies governing access to an organization's applications and resources.

To learn more about adding new tenants to the MSP portal, see Using the Add New Tenant Workflow. To learn more about editing an existing tenant, see Editing the Details of an Existing Tenant.

Using the Add New Tenant Workflow

To add a new tenant:

1.Log into MSP portal as an MSP Admin, see Logging into the MSP Portal.

2.From the main Dashboard page, activate the Add New Tenant workflow by selecting Add from the All Tenants panel:


The Add New Tenant workflow dialog appears:

3.In the Tenant Details section:

•Enter a tenant name.

•Use the checkboxes to select the services to which this tenant is entitled to access.

•For each selected service, enter the Max Users allowed to access the service. This is a soft limit that does not restrict additional users from enrolling to the relevant service. Instead, a tenant exceeding this limit receives a warning in the Tenant Admin Portal enabling them to take action without any reduction in service. Furthermore, the MSP Portal dashboard is updated to indicate to a MSP Admin any tenants that have breached their user limit.

4.In the Subdomain Information section:
Enter the unique Subdomain you want to allocate for this tenant. This forms part of the FQDN to which all users enroll or sign-in their devices.
Your tenant FQDN must be unique and unused. To check the availability of the FQDN, enter the Subdomain and select CHECK AVAILABILITY.
nSA presents an error if the domain is unavailable:

The subdomain should not contain a dot (.). For example: abc.dom.pulsezta.net is not valid as the subdomain <abc.dom> contains a dot (.).

5.In the Create Username* section:
Enter the Username of the initial tenant administrator account.

6.In the Contact Information section, enter the Tenant administrator Email to which you want to send the invitation email. The recipient receives an email containing credentials and a link to login to the default Tenant Admin Portal endpoint (based on the subdomain you specify for this tenant, the default endpoint is https://<subdomain>.pulsezta.net/login/admin). This includes a one-time use password that must be changed upon login.

7.Make sure your tenant details are correct. A deployed tenant can only be edited to update basic details - the product entitlement and admin account details are not amendable through the MSP Admin Portal.

A Tenant Admin is entitled to modify their administrative user details at any point through the Tenant Admin Portal. For more details, see the Tenant Admin documentation.

8.To create the tenant, select Create Tenant.
The Dashboard page reappears and your new tenant is added to the All Tenants list with a status of “Initializing”. After the creation process completes, the status updates to “Active”.

This process can take a few minutes to complete. If your tenant status remains as “Initializing” for some time, contact Ivanti Support for help.

Editing the Details of an Existing Tenant

To edit an existing tenant:

1. Log into MSP portal as an MSP Admin, see Logging into the MSP Portal.

2. From the main Dashboard page, select the checkbox adjacent to a tenant entry in the All Tenants panel, then select Edit:

   

   The Edit Tenant dialog appears:

   

3. In the Tenant Details section, you can edit:

   • The Tenant Name
   • The Max Users amount for each service entitlement
You cannot change the remaining details for an existing deployed tenant.

4. To save your changes, select Save.

Blocking/Unblocking a Tenant

To block a tenant:

1.Log into MSP portal as an MSP Admin, see Logging into the MSP Portal.

2.From the main Dashboard page, select the check box adjacent to a tenant entry in the All Tenants panel, then click Block:

Blocking a tenant

If a tenant having ICS is blocked, it blocks only the admin access. User access is not blocked and users continue to access the nSA gateways.

To unblock a tenant, select the tenant and click Unblock.

Unblocking a tenant