Skip to content

Multi-Tenant Organization

What is Multi-Tenancy

Multi-tenancy is an architecture where a single instance of GuardMDM serves multiple independent organizations (tenants). Each tenant operates as a completely separate entity within the same system, with its own:

  • Devices
  • Device groups
  • Blueprints (configuration profiles)
  • Users and administrators
  • Settings and policies

This allows a single GuardMDM deployment to serve an MSP (Managed Service Provider), an enterprise with multiple business units, or any scenario where organizations need to be kept separate.

Device Limits Per Tenant

Each tenant can have a configurable device limit. When a tenant reaches its device cap, no new devices can enroll until existing ones are removed or the limit is increased. This is useful for:

  • Enforcing subscription tiers in a SaaS model
  • Controlling resource usage across business units
  • Preventing accidental over-enrollment

The device limit is set by the super admin and can be adjusted per tenant.

Tenant Isolation

Data between tenants is completely isolated. A user or device in Tenant A cannot access any data belonging to Tenant B. This isolation covers:

  • Device data — inventory, status, location, commands
  • Configuration profiles — blueprints, custom XML, settings
  • User accounts — admin users, enrollment users
  • Groups — device groups, organizational groupings
  • Logs and events — audit trails, command history, enrollment logs

This isolation is enforced at the database level and the application level. There is no shared namespace between tenants.

Super Admin

The super admin account exists outside any single tenant and has visibility across all tenants. The super admin can:

  • Create, edit, and delete tenants
  • Set device limits per tenant
  • View all tenants' devices, groups, and blueprints
  • Perform administrative actions across tenants
  • Assign tenant-level admins

The super admin does not count against any tenant's device limit.

Switching Between Tenants

When logged in as a super admin, you can switch between tenants from the organization switcher in the top navigation bar. Selecting a tenant changes the context to that tenant's data — you will see only that tenant's devices, groups, blueprints, and users.

Tenant-level admins see only their own tenant and do not have a tenant switcher.

Summary

FeatureTenant AdminSuper Admin
Manage own devices, groups, blueprintsYesYes (per tenant)
View other tenants' dataNoYes
Create / delete tenantsNoYes
Set device limitsNoYes
Switch between tenantsNoYes

Released under the MIT License