How to add managers and define their access to the TinyMDM console?

Main admin can add sub admins with different permissions

Managers

Add managers

– Go on to the Managers and Structure tab and then under Managers tab.
– On the top-right, click on Create a manager to add them one by one, or on Import managers to import them via a csv file.

Once created, managers appear as a card. You have the possibility to send an invitation to each manager, who will receive a email to define his own password to connect to the TinyMDM’s console.

managers

Define their access

– Click  on the   to edit a manger’s rights.

– You only need to tick the boxes corresponding to the rights you want to attribute him/her.
– If you want to avoid doing this manipulation for each manager, you can also duplicate the existing manager and his permissions by clicking on .

management permissions

On this screenshot for example, only the access to the DEMO policy is authorized: the manager won’t see the other policies, and he will not be able to see the invoices.

Add groups of managers

– Go on to the Managers and Structure tab and then under Manager groups tab.
– On the top-right, click on Add managers group to add them one by one, give it a name of your choice and then define the group’s permissions.

Once created, you will need to go back to the Managers tab, select the managers you want to appear in this group and click on Add selected managers to a group from the menu . You will then be able to choose the group in which you wish to add these managers.

add managers group
add managers group

If the group to which you have added your managers has different permissions to those they had previously, they will automatically be assigned the permissions of their new group.

Structure and organization

The Structure and Entities feature enables you to go further in the managers configuration. This feature could be useful in your TinyMDM account regroups multiple companies, or if you have many devices to manage and if you don’t want every managers to have access to all the users / devices. By creating a structure with multiple levels of hierarchy, you can attribute managers to a certain level of this structure. Then they will only have access to a filtered view of the console, regarding their level access.

Create a structure

– To add levels (entities) on the structure, click on . You can then rename the entity.
– To delete an entity, you only need to click on . Be careful: deleting an entity means that you also delete all the sub-entities.

structure

Assign managers to an entity

– Go on to Managers tab
– Click on  in front of No entity
– Select the entity linked to this manager.

A manager on the top of the structure will have a global view of the console. A manager linked to parent entity will have a view of all the information of its level and the sub-entities levels. A manager linked to a sub-entity will only see the information of its level.

managers with entities

Assign groups of users (and their affiliated devices) to an entity

Affecting a group of users to an entity enables to filter the visualization of the console for each manager according to his level in the structure. To do so, you have to affect a group of users to an entity (the rest as the linked devices and policies, will automatically be affected).

– Go to the Users and Groups tab and on the Groups sub-tab. If before you need to assign users to group, follow this tutorial.
– In this tab, you see your groups of users and the policy they are affected to (if they are already created). It is here that you can link a group to an entity, by clicking on in front of No entity and by selecting the entity of your choice.

entity

If we take the example of the above structure:
– Manager 1 (manager1@example.com), from the Global entity, will have an overview of the console.
– Manager 2 (manager2@example.com) will only see the group of users affected to the entity Enterprise 1. In the same way, he will only see the devices and policies linked to those users (including those linked to the entities “Direction”, “Team A”, “Team B”, “Field workers” or “Zone A”).
– Manager 3 (manager3@example.com), from the Team A entity, will only see the group of users assigned to the Team A entity. And he will only see the devices and the policies linked to those users. His view will be limited to the Team A.

As the main administrator, you also have the possibility to see how the different managers can see the administration console and which access they have. You just need to click on , on the manager’s card.

view as a manager

Once you have finished viewing the console as a specific manager, you can click on Exit to have a full access.