How to add managers and define their access to the TinyMDM console?
You can add managers to TinyMDM to prevent all admin from logging in with the same login and having the same access rights. In this tutorial, find out how to add managers, define their access and create structures.
A. Managers
Important info:
- To create a new manager, the email you choose must not already be used as the main administrator of a TinyMDM account. If this is the case and you wish to change the email of the main administrator of the account in question, you can modify it by following this tutorial.
- If the email address of the new manager is already being used as a manager on another TinyMDM account, then the manager will be able to connect to both accounts and potentially transfer devices between them. If you don’t want the manager to be able to transfer devices: when managing its permissions, uncheck the Change device’s user option in the Devices group. Find out more about transferring devices.
1. Create managers and assign them permissions
Go on to the Managers and Structure tab, under Managers subtab. You have three options for adding managers:
- Create a manager who logs in with their email address and password
- Create a manager who connects directly with their Google account (Google SSO)
- Import a list of managers via a CSV file
a. Create a manager with an email and password
- Click on Create a manager. It will open the manager’s permissions page:
- On top of the page, enter the manager’s email address (required) and a description (optional).
- Check off each action that the manager can perform when logging on to the administration console. All checked actions are considered authorized; all unchecked actions are prohibited.
- Then click on Back at the top right of the page. A pop-up window will appear allowing you to choose whether or not to send an invitation email to the manager. By clicking on Ok, the manager will receive an email informing them to set a password to access their TinyMDM account.
Once the password has been created, the manager will be able to connect to TinyMDM using its email address and password.
b. Create a manager with Google SSO
- Click on Create a manager with Google SSO. It will open the manager’s permissions page:
- On top of the page, enter the manager’s email address (required) and a description (optional).
- Check off each action that the manager can perform when logging on to the administration console. All checked actions are considered authorized; all unchecked actions are prohibited.
- Then click Back at the top right of the page. A pop-up window will appear allowing you to choose whether or not to send an invitation email to the manager. By clicking Ok, the manager will receive an email to use the “Connect with Google” button each time they log in.
By clicking on Connect with Google button, the manager will have access to TinyMDM account according to their needs, and this without configuring their password.
c. Import managers
Start by creating a CSV file in the following format: <manager_email>;<manager_description>;<send_invitation>. Once it is done, click on Import managers and add your file.
Once your CSV file has been imported, all your managers will appear on TinyMDM. To modify a manager’s permissions, click on its 
menu , then on Edit manager. The Permissions page opens:.
Modify the permitted actions for this manager by checking the permitted actions and unchecking the prohibited ones.
If you have requested to send an email to the managers, they will receive an email so that they can create their password and connect to TinyMDM with their email and password. If you want managers to log in with their Google account, please follow step b.
2. Add groups of managers
If you wish to create groups of managers with the same permissions on the admin console, you can create manager groups. To do this:
- Go on to the Managers and Structure tab and then under Manager groups subtab.
- On the top-right, click on Add managers group. The permissions page opens:
Enter the group name, then tick each action that managers in this group will be able to perform when logging on to the administration console. All checked actions are considered authorized; all unchecked actions are prohibited.
Once the group has been created and permissions authorized, return to the Managers sub-tab, then:
- Select the managers you wish to appear in this group by ticking them off one by one.
- In the blue banner that appears, click on the menu , then on Modify managers group. All selected managers will then be considered members of the same group.
Important: when a manager is linked to a group, he automatically takes over the group’s permissions, thus cancelling his individual permissions.
B. Structure and organization
The Structure tab enables you to go further in the managers configuration. It could be useful if:
- your TinyMDM account regroups multiple companies
- if you have many devices to manage and you don’t want every manager to have access to all the users / devices.
By creating a structure with multiple levels of hierarchy, you can link managers to a certain level of this structure. Then, they will only have access to a filtered view of the console, depending of their level in the structure.
1. Create a structure
- To add levels (entities) in the structure, click on
. You can then rename the entity. - To delete an entity, you only need to click on
. Be careful: deleting an entity means that you also delete all the sub-entities.
2. Assign managers to an entity of the structure
- Go in the Managers tab
- Click on
in front of No entity - Select the entity that is to be linked to this manager.
A manager on the top of the structure will have a global view of the console. He linked to a parent entity will have a view of all the information of their level and the sub-entities levels. A manager linked to a sub-entity will only see the information of their level.
3. Assign groups of users (and their affiliated devices) to an entity
Affecting a group of users to an entity enables to filter the visualization of the console for each manager according to their level in the structure. To do so, you have to affect a group of users to an entity (the linked devices and policies, will automatically be affected).
- Go to the Users and Groups tab and on the Groups sub-tab. If before you need to assign users to group, follow this tutorial.
- In this tab, you see your groups of users and the policy they are affected to (if they are already created). It is here that you can link a group to an entity, by clicking on in front of No entity and by selecting the entity of your choice.
If we take the example of the above structure:
- Manager 1 (manager1@example.com), from the Global entity, will have an overview of the console.
- Manager 2 (manager2@example.com) will only see the group of users affected to the entity Enterprise 1. In the same way, he will only see the devices and policies linked to those users (including those linked to the entities “Direction”, “Team A”, “Team B”, “Field workers” or “Zone A”).
- Manager 3 (manager3@example.com), from the Team A entity, will only see the group of users assigned to the Team A entity. And he will only see the devices and the policies linked to those users. His view will be limited to the Team A.
As the main administrator, you also have the possibility to see how the different managers can see the administration console and which access they have. You just need to click on 
non the manager’s card.
Once you have finished viewing the console as a specific manager, you can click on Exit to have a full access.
If a manager is linked to an entity, even if it is the default entity, they will only see the users that are part of a group linked to an entity. If some users aren’t linked to a group or if their group isn’t linked to an entity, they will be invisible to such a manager.