Switching Among Cloud App Security Tenants Using One Local Account

For organizations that have multiple CLP accounts for business, administrative, legal, or other considerations, Cloud App Security deploys separate tenants for each CLP account. Each tenant environment on the management console can be accessed only by the corresponding CLP account and the local administrator accounts created under the tenant.

To ease the cross-tenant security analytics and management within your organization, Cloud App Security allows you to associate a local administrator account with multiple Cloud App Security tenants, so you can switch among and manage these tenants with one single account on the management console, without repeated logoff and logon using different administrator accounts.


Make sure that the Cloud App Security tenants you want to associate are in the same Cloud App Security serving site, for the example, the US site. For more information about the Cloud App Security sites, see Data Center Geography.

Multi-tenant switching is also available for Trend Micro LMP customers.

The steps outlined below detail how to create and use an administrator account to switch among multiple Cloud App Security tenant environments on the management console. This procedure uses three tenants A, B, and C with CLP accounts A, B, and C respectively as an example.

  1. Create an administrator account with the multi-tenant switching capability in tenant A.
    1. Log on to the management console using CLP account A.
    2. Go to Administration > Administrator and Role > Administrators, and click Add.
    3. Create an administrator account, for example, admin@example.com, and enable multi-tenant switching. For details, see Adding an Administrator Account.

      On the Administrators screen, the status of this account under Multi-Tenant Switching is No. After it is added to another tenant, the status will change to Yes.

    4. Verify the administrator account or use it to log on to the management console for at least once.
  2. Add the administrator account in tenant B.
    1. Log on to the management console using CLP account B.
    2. Go to Administration > Administrator and Role > Administrators, and click Add.
    3. Type the email address admin@example.com of the administrator account in the Email Address text box, and select the Allow the administrator to switch among Cloud App Security tenants of your organization from the management console. check box.

      SSO to Console and Role change to Inherited. This administrator shares the same settings as configured in the tenant, for example, tenant A in this section, where it was created. The settings are not editable in the current tenant. You can go to tenant A to view and modify the settings for this administrator.

    4. Specify a user name in the Name text box.
    5. Click Save.

      The administrator account is successfully added and displayed on the Administrators screen in the current tenant.

  3. Repeat step 2 to add the administrator account in tenant C.
  4. Log on to the management console using this newly-added administrator account.

    The Dashboard screen of tenant A the appears.

  5. Hover over the account name in the upper right corner and then Switch tenant.

    The tenant list with the respective CLP account name appears, with tenant A selected. The tenant where the administrator account was created always displays at the top.

  6. Select the tenant you want to switch to.

    The Dashboard screen of the selected tenant appears.

  7. (Optional) Delete the administrator account.

    This administrator account can be removed from where it was created (tenant A in this procedure) only after it is removed from all the associated tenants (tenants B and C in this procedure).

    1. Go to the tenant that you do not allow to switch to, and remove the account from the tenant.

      The tenant disappears from the Switch tenant list.

    2. Repeat step 7a to remove the account from all the associated tenants.

      Only the tenant where the account was created (tenant A in this procedure) appears in the Switch tenant list.

    3. Log on to the management console of tenant A using either CLP account A or another account, and then remove the administrator account.