Add a Tenant to a Host - EoL - Multi-Tenant Guide - 6.11 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Cortex XSOAR
Creation date
Last date published
End of Life > EoL
Multi-Tenant Guide

Add a new tenant (account) to a host server for Cortex XSOAR Multi-Tenant deployment. Populate tenants with users by specifying user roles.

A tenant, or account, is a single instance of Cortex XSOAR that you connect to a host. You populate tenants with users by specifying user roles. Any user who belongs to a selected role is automatically added to the account. All nested roles (both directions) must be explicitly assigned. Users cannot access data on a tenant unless they have a role assigned to that tenant. When you create the tenant account you can specify the propagation labels, which determines which content items are eligible for syncing to the tenant.


When adding a role, by default, the administrator with read and write permissions is added automatically.

Each tenant machine must meet the multi-tenant sizing requirements.

  1. In Cortex XSOAR, go to Settings+ACCOUNT MANAGEMENTAccounts.

  2. Click the Add account button.

  3. Enter a meaningful name for the account.

    The account name cannot contain white space.

  4. Choose the host or high availability group.

  5. (Optional) Select existing propagation labels or type new propagation labels.

  6. Select at least one role to add to the account.

    The administrator with read and write permissions is added to the account by default. You can change this if required.

  7. Click Create account.

You can access the tenant account via the main account URL or via the host URL, depending on your specific needs. If you access a tenant account via the main account, the main account must have a public URL. If you access a tenant account via the host, the host must have a public URL. Keep in mind that if you access the tenant account via the host URL, the entry will not be recorded in the main account.

In the Main Account, you can also select which tenant account’s dashboard, incidents, and indicators (Threat Intel page) to view and take action as necessary without having to switch accounts. This enables you to view information quickly and more efficiently.

Location may be a factor when planning how to access accounts. If a user is in Europe, the main account is in the United States, and the tenant account is in Europe, accessing the tenant account through the main account requires going from Europe to the United States and back to Europe, and is less efficient than directly accessing the host URL.


To delete a tenant, go to SettingsACCOUNT MANAGEMENTAccounts . Select the tenant, Stop the tenant, and then Delete account.