Important
If you've set up a low-touch organization structure, this step doesn't apply to you. See the low-touch details in Step 1: Create accounts and organizations.
Account sharing makes it possible for administrators in a managing organization to make the data they are monitoring visible to their managed organizations. After you've set up the initial account sharing in your high-touch organization structure (see Create accounts and organizations), you may find it necessary to make some follow-up changes.
Let's say you're an administrator in Betty's MSP (a managed service provider) who's monitoring a managed account for your customer Wayne Enterprises. You've also shared that account with the Wayne Enterprises organization. Here are some follow-up tasks you could perform:
Requirements
To use this feature, make sure you've completed the following for your organization:
- Get Approval: Contact your account representative to confirm your organization has been added to multi-tenancy. Once approved, you receive the multi-tenant entitlement.
- Make sure you have correct user types: Users within the managing org that will leverage the above feature set need to be provisioned as either a core or full platform users.
- Add users to appropriate group: Users with the core or full platform user type need to be added to a group with
tenant_settingsapplied.
What can you call in Nerdgraph?
To help you get acquainted with account sharing, we have some basic examples below. First, take a look at the general routine:
- The source organization obtains the organization ID from the target organization. You can get the target organization ID from target organization users when they view their Access Management tab.
- The source organization calls the API and passes the target organization ID, account ID, and limiting role. The source organization can declare a limiting role which defines the maximum capabilities users from the target organization will be restricted to.
Here are the types of calls you can make for account sharing: