User Management


The Xyte platform offers a number of authorization methods via a complex, multi-tenant setup. The base entities are Partners (OEMs), End Customers (organizations signing up to manage devices), Users and Groups.

All Users for a given organization are part of a single "Cloud" and cannot login to a different cloud. (The exception are Support Users external to the organization, who may connect to any End Customer in any Partner Cloud).


A user "[email protected]" registers on and claims some devices. If the same user attempts to sign in to a cloud that belongs to another Partner, they will not be able to access that cloud.


  • Partner - Any OEM, Channel Partner, etc registered on the Xyte Platform
  • Partner Portal - The portal through which Partners manage their device models, supported customers, ecommerce offerings and more.
  • Customer Portal - The portal through which End Customers manage their devices.
  • Partner Cloud - A tenant through which the devices of the Partner's End Customers can be managed.
  • End Customer - Any organization that registers through a Partner Cloud for the purposes of monitoring and managing their devices and/or managing their hardware/device/equipment subscriptions.
  • Partner User - A user registered in a Partner Portal
  • End User - A user registered in a Customer Portal for a single Partner.
  • Support User - An external user who holds a support seat and may support multiple End Customers.
  • Group - A group of users registered in a Customer Portal for a single Partner.

Partner Cloud

Each Partner receives their own private tenant, through which all End Customers, Users and Groups are managed. Each User and Group belongs to one single End Customer inside the tenant.

In this example, we have an OEM named "MachinePro". The cloud for this OEM has two End Customers "Acme Org" and "Nexus Org" with the first having two Users and a Group and the second a single User.

The Partner Cloud is not limited on the number of End Customers who can sign-up (or be invited) and each End Customer has an unlimited number of Users and Groups they can create.

Sing-in and sign-up to the Partner Cloud is done via the Partner's custom URL (which defaults to but can be changed to a custom domain).

Partners Cloud

All OEMs are by themselves part of the main Xyte Cloud. These Uses can access the Partner's portal, allowing them to manage devices, models, store and many other aspects of the Partner's portal.

In this example there are two Partners on the platform, each with their own Users and Groups.

The Partner Portal Overview can be accessed via:

Lab Accounts and Access

Each Partner Cloud comes automatically with a single End Customer marked as "Lab" (which functions like a sandbox). Lab customers have some special functionality, including:

  • Ability to claim un-published models for testing
  • Purchase non-published products
  • Use a lab payment method to test purchase flows

In this example there are 3 clouds, the "Xyte Partner Cloud" and two Partners named "TechWorks" and "MachinePro". The user U1 has access to the "TechWorks" partner portal but also has access to the "TechWorks Lab" End Customer. To access that Lab, the user must sign-in on

Multiple Lab Accounts

Multiple lab accounts are supported by the platform and can be created upon request. This feature can be used to separate the work done by developers, sales, marketing, etc teams.

Any Partner User who is a member of the Administrators Group can automatically switch to any Lab account in their Cloud.

> In this example the user U3 is part of the "MachinePro" partner's Administrators group and thus has access to both "MachinePro"'s labs.

Accessing Labs

There are two main methods to access the Lab accounts:

  1. Sign-in at
  2. Visit the list of End Customers in the Parther Portal at and click "Visit Portal"

Switching between Labs (or any End Customers)

For Users with access to multiple End Customers, either Labs (by being Partner Administrator) or through Support Seats, can access the list of accessible End Customers by going to the End Customer portal ( and clicking the top-left menu -> Switch Tenant.

Support Seats

In some cases, a Partner User will need to access End Customers that are not Lab accounts and possibly End Customers who are relatedto other Partners.

Sample use cases:

  1. An OEM Partner wants to provide direct support to devices they sell to customers.
  2. An Integrator Partner wants to provide full management services to End Customers with devices from multiple manufacturers

To support these use cases, Partner Users can buy and manage Support Seats. Each seat can be assigned to a single Partner User. Users with such a seat can now be invited by End Customers and granted granular access to their tenant.

In this example, the user U2 has a Support Seat assigned and were granted access to three different End Customers belonging to two different Partner Clouds.

Assign access

There are two methods for Support Users to gain access to an End Customer

  1. When an End Customer is created from the Customers view by a Support User, the Support User can choose if End User should be granted administrator-evel access.
  2. From the Customer portal, administrators can invite Support Users to be part of their Groups (e.g. Administrators) or grant them direct access on a space level.