Multitenancy with subaccounts
The multitenancy feature is designed for managed security service providers to manage multiple customers as subaccounts. It also allows you to move registered devices between these subaccounts and allocate administrators to each subaccount. You can give FortiGate Cloud subaccount users full or read-only access, allowing more control over a managed service's provisioning.
FortiGate Cloud multitenancy with subaccounts applies only to FortiGate Cloud. To use multitenancy across FortiCloud products and services, multitenancy with FortiCloud organizations is recommended.
To activate multitenancy:
- Contact your Fortinet partner or reseller, requesting the following SKU: FCLE-10-FCLD0-161-02-DD. They email you a multitenancy activation code.
- In FortiGate Cloud, select Settings > Account Setting.
- Select Activate multi-tenancy feature.
- Enter the activation code, and click OK.
To configure basic multitenancy:
- On the Inventory page, select Import FortiCloud or FortiDeploy Key to add multiple FortiGate Cloud licenses at once.
After the device successfully deploys, the device key becomes invalid. You can only use the key once to deploy a device.
- On the FortiGate Inventory subpage, select one or multiple devices, and select Deploy > Deploy to FortiGate Cloud. Select the subaccount for the selected devices. You can also select a timezone for the devices.
- Click OK. FortiGate Cloud moves the devices to the FortiGate Cloud Deployed subpage.
To assign a device to a subaccount on the homepage:
Assigning a device to a new subaccount keeps the device data in FortiGate Cloud, including logs, reports, and configuration backups, and moves this data to the new subaccount. To delete this data, you must undeploy your device from FortiGate Cloud, then assign it to the desired subaccount.
You can assign a device to a different subaccount, including RMA devices.
- On the Assets page, click the Action icon beside the desired device, then click Assign To.
- In the Assign To dialog, select the desired subaccount, then click Submit.
- In the confirmation dialog, click YES.
To manage subaccounts:
- Go to Settings > Account Setting. You can view all accounts associated with this FortiGate Cloud. You can see that users have different roles. For role descriptions, see User roles.
- Click Manage Sub Accounts.
- You can add, delete, edit, or move subaccounts as desired. Click Return when done.
When you move a subaccount, FortiGate Cloud deletes all scheduled reports and tasks associated with that subaccount's devices. This warning displays in the GUI when you move a subaccount.
To go to another subaccount:
- On the top banner, click the Sub Account dropdown list.
- Do one of the following:
  - To search for the desired subaccount, enter its name in the field. The dropdown list shows subaccounts that include the search term.
  - Click the desired subaccount in the dropdown list.
User roles
The multitenancy account includes different user roles. You can view users and their roles by going to Settings > Account Setting. For multitenancy accounts, admins and regular users can select single or multiple subaccounts.
User role | Description |
---|---|
Admin | Can access and manage devices under all subaccounts. |
Regular | View-only access to devices under all subaccounts. |