HomeAPI ReferenceSDKs
Guides
Help CenterSign up for Frontegg

Enable sub-account management

Suggest Edits

When you have multiple tenants, and wish to grant them the ability to manage their own sub-accounts, you need to enable that option via the portla.

Step 1: Giving accounts the sub-account management capability

Two possible ways to give accounts a sub-account management capability are by API or via the Frontegg Dashboard.

Sub-account management via API

To make an account an MSP or reseller, you need to invoke a PUT request to the following API and include the tenantId of the account you want to give this ability to:

https://api.frontegg.com/tenants/resources/tenants/v1/:tenantId

In the body of the request, include the following parameter:

{
    "isReseller": true
}

Frontegg Dashboard

  1. Navigate to Backoffice —> Accounts
  2. Go to the account you want to enable the feature for
  3. Go to the Actions menu, and press the Enable sub-account management option

Step 2: Assigning permissions

To access the All Accounts tab in the Admin Portal, users must be assigned specific roles with corresponding Permissions:

  1. Read Access to Sub-Accounts:
    To view the "All Accounts" tab, users must have the role that grants them the "Read sub-accounts" permission: fe.account-hierarchy.read.subAccount. This permission allows them to view sub-account information.

  2. Create or Update Sub-Accounts:
    If users need to create or update sub-accounts, they should be assigned a role with the "Create or update sub account" permission: fe.account-hierarchy.write.subAccount. This permission enables users to add new sub-accounts or modify existing ones.

  3. Delete Sub-Accounts:
    To delete sub-accounts, users must have a role with the "Delete sub-accounts" permission: fe.account-hierarchy.delete.subAccount. With this permission, users can remove unwanted sub-accounts from the system.

  4. Grant Access to Sub-Accounts:
    If users need to provide access to sub-accounts within the account hierarchy, they should be assigned a role with the "Give access to sub-accounts" permission: fe.account-hierarchy.write.subAccountAccess. This permission allows users to assign access rights to other users for specific sub-accounts.

By ensuring users have the appropriate roles and permissions, you can control their access levels and actions within the Admin Portal effectively.

Updated 2 months ago