Sub-account management

This revolutionary feature lets you, the vendor, give your accounts the ability to create and manage sub-accounts in a hierarchy, giving them greater control and flexibility over their account structure.

It’s perfect for scenarios where you have a complicated account structure or let your customers manage or resell your product.

Getting Started with Account Hierarchy

In this section, we will cover the prerequisites for allowing your customers to manage sub-accounts, which include preparing your app, assigning permissions, choosing the relevant accounts, and setting up a parent-child relationship between accounts.


Required Versions

React - 5.0.44
Angular - 5.35.0
Vue - 2.0.40
Next - 7.0.14

Prerequisites for using sub-accounts

To use the sub-accounts feature, you must have a Frontegg account and an account you want to give the account hierarchy capability to.

Step 1: Giving accounts the sub-account management capability

Now that you’ve added the metadata to your app and your Admin Portal is prepared to support sub-account management, you can choose which accounts are able to manage sub-accounts.

There are 2 ways to do this: by API and through the Frontegg Dashboard.


To make an account an MSP or reseller, make a PUT request to the following API and include the tenantId of the account you want to give this ability to:

In the body of the request, include the following parameter:

    "isReseller": true

Frontegg Dashboard

  1. Navigate to Backoffice —> Accounts
  2. Find the account you want to be able to manage sub-accounts
  3. In the context menu, you should see an option “Enable sub-account management”
  4. Click it, and now that account will be able to manage sub-accounts in their Admin Portal

Step 2: Assigning the correct permissions

For a user to see the “All Accounts” tab in the Admin Portal and to see all accounts, they need a role that has the “Read sub-accounts” permission:

For a user to be able to create or update sub-accounts, they need a role with the “Create or update sub account” permission: fe.account-hierarchy.write.subAccount

For a user to be able to delete sub-accounts, they need a role with the “Delete sub-accounts” permission: fe.account-hierarchy.delete.subAccount

For a user to be able to give users in the account hierarchy access to sub-accounts, they need a role with the “Give access to sub-accounts” permission: fe.account-hierarchy.write.subAccountAccess

Managing Sub-accounts in the Admin Portal

Now that you’ve given an account the ability to manage sub-accounts, they should be able to see a new section in their Admin Portal: Managed.

In the Managed section, they should find a new tab: All Accounts.

This is their entry point to the place where they can create, manage, and delete sub-accounts underneath them.

The first screen accounts will see when entering the All Accounts tab, as you can expect, is a list of all accounts. When first starting out though, MSP accounts will only see one account - the current one.

All accounts

When viewing All Accounts, users can choose to see their account hierarchy in 2 views: Table and Graph.

Table view

In the table view, you’ll be able to see your account at the top, and all sub-accounts under it. You’ll be able to see the account name, how many users it has, and when it was created.

Graph view

Switching to the graph view gives you a better representation of how your account tree looks.

Creating sub-accounts

To create a sub-account, all the user needs to do is to click “Create New Account”. Then they should choose an account name, and choose a parent account.

Managing Individual Sub-Accounts

In this section, we will cover viewing sub-account details, editing sub-account information, removing a sub-account.

Viewing a sub-account

You can view any individual sub-account by clicking on the account name in either the table or graph view.

You’ll see a summary of the account including the account name, its path to the top account, how many users it has, and how many sub-accounts it has.

Removing a sub-account

To remove a sub-account, you can navigate to the sub-accounts section of your master account and select the sub-account you wish to remove. From there, you can delete the sub-account, which will remove it from the hierarchy.

However, accounts can only be deleted if they have no children.

Inviting Users to Sub-Accounts

There are 2 ways to invite users to sub-accounts: by inviting them explicitly, or by giving them access through a parent account.

Explicitly inviting users to accounts

You can invite users directly to accounts by clicking on Invite Users. When you do, they will get an invitation email.

Giving Access to Sub-accounts

If you want a user to have access to a branch of the hierarchy but don’t want to invite them to every account, you can give them access from that account down to all existing and future sub-accounts. This means that while they won’t get invitations for all those tenants, they will be able to log in to each one. They will get the roles given to them in the parent account where they were given access. If sub-accounts on that branch are created in the future, they will have access to those too.

Access to sub-accounts can be granted when users are invited, or afterwards, and can be revoked at any time.