How to add managers and define their access to the TinyMDM console?
You can add managers to TinyMDM to prevent all admin from logging in with the same login and having the same access rights. In this tutorial, find out how to add managers, define their access and create structures.
A. Managers
1. Add managers
Go on to the Managers and Structure tab and then under Managers tab. You have three options for adding managers:
- Create a manager who connects directly with their Google account (Google SSO)
- Create a manager who logs in with their email address and password
- Import a list of managers via a CSV file
a. Create a manager with Google SSO
- Click on Create a manager with Google SSO, then on the page that opens, enter the email address linked to the manager’s Google Account (required) and a description (optional).
- Define the manager’s permissions by ticking the features that are granted and unticking those that are denied.
- Then click Back at the top right of the page. A pop-up window will appear allowing you to choose wheter or not to send an invitation email to the manager. By clicking Ok, the manager will receive an email informing them to use the “Connect with Google” button each time they log in.
By clicking on Connect with Google button, the manager will have access to TinyMDM account according to their needs, and this without configuring their password.
b. Create a manager with an email and password
- Click on Create a manager and enter the manager’s email address (required) and a description (optional).
- Define the manager’s permissions by ticking the accesses that are granted and unticking those that are denied.
- Then click on Back at the top right of the page. A pop-up window will appear allowing you to choose whether or not to send an invitation email to the manager. By clicking on Ok, the manager will receive an email informing them to set a password to access their TinyMDM account.
Once the password has been created, the manager will be able to connect to the TinyMDM account using their email address and password.
c. Import managers
- Create a CSV file in the following format: <manager_email>;<manager_description>;<send_invitation>
- Then click on Import managers and add your CSV file. Once the CSV file has been imported, you can change the access permissions for each administrator by clicking on Edit manager.
If you have requested to send an email to the managers, they will receive an email so that they can create their password and connect to TinyMDM with their email and password. If you want managers to log in with their Google account, please follow step a.
2. Define their access
- Click on the
to edit a manger’s rights. - You only need to tick the boxes corresponding to the rights you want to attribute him/her.
- If you want to avoid doing this manipulation for each manager, you can also duplicate the existing manager and his permissions by clicking on
.
On this screenshot for example, only the access to the DEMO policy is authorized. The manager won’t see the other policies, and he will not be able to see the invoices.
3. Add groups of managers
- Go on to the Managers and Structure tab and then under Manager groups tab.
- On the top-right, click on Add managers group to add them one by one, give it a name of your choice and then define the group’s permissions.
Once created, you will need to go back to the Managers tab, select the managers you want to appear in this group and click on Add selected managers to a group from the menu 
. You will then be able to choose the group in which you wish to add these managers.
If you add your managers to a group with different permissions than they had previously, they will automatically receive the permissions of their new group.
B. Structure and organization
The Structure and Entities feature enables you to go further in the managers configuration. This feature could be useful if your TinyMDM account regroups multiple companies, or if you have many devices to manage and you don’t want every manager to have access to all the users / devices. By creating a structure with multiple levels of hierarchy, you can link managers to a certain level of this structure. Then, they will only have access to a filtered view of the console, depending of their level in the structure.
1. Create a structure
- To add levels (entities) in the structure, click on
. You can then rename the entity. - To delete an entity, you only need to click on
. Be careful: deleting an entity means that you also delete all the sub-entities.
2. Assign managers to an entity
- Go in the Managers tab
- Click on
in front of No entity - Select the entity that is to be linked to this manager.
A manager on the top of the structure will have a global view of the console. He linked to a parent entity will have a view of all the information of their level and the sub-entities levels. A manager linked to a sub-entity will only see the information of their level.
3. Assign groups of users (and their affiliated devices) to an entity
Affecting a group of users to an entity enables to filter the visualization of the console for each manager according to their level in the structure. To do so, you have to affect a group of users to an entity (the linked devices and policies, will automatically be affected).
- Go to the Users and Groups tab and on the Groups sub-tab. If before you need to assign users to group, follow this tutorial.
- In this tab, you see your groups of users and the policy they are affected to (if they are already created). It is here that you can link a group to an entity, by clicking on in front of No entity and by selecting the entity of your choice.
If we take the example of the above structure:
- Manager 1 (manager1@example.com), from the Global entity, will have an overview of the console.
- Manager 2 (manager2@example.com) will only see the group of users affected to the entity Enterprise 1. In the same way, he will only see the devices and policies linked to those users (including those linked to the entities “Direction”, “Team A”, “Team B”, “Field workers” or “Zone A”).
- Manager 3 (manager3@example.com), from the Team A entity, will only see the group of users assigned to the Team A entity. And he will only see the devices and the policies linked to those users. His view will be limited to the Team A.
- As the main administrator, you also have the possibility to see how the different managers can see the administration console and which access they have. You just need to click on
non the manager’s card.
Once you have finished viewing the console as a specific manager, you can click on Exit to have a full access.
- If a manager is linked to an entity, even if it is the default entity, they will only see the users that are part of a group linked to an entity. If some users aren’t linked to a group or if their group isn’t linked to an entity, they will be invisible to such a manager.