There is no simple way to use one identity server for multiple companies.

Normally when you add an identity server to a company, assigned groups, all rights are inherited automatically to the members of the groups. As the company top level relation is missing you will get cosmetic errors such as for example an Exchange DAG cluster telling that not all subclient information could be loaded.

You can however force manual relations by editing the Operators for the company and adding the domain group combined with the Tenant Admin role for example.

At first logon they will receive this option where they can select their company:

They dashboard will be the commcell dashboard and not the company one, but they will have rights for only their clients.

They will also be able to manage their company.
I am sure there are some limitations, but for general backup and recovery they should be fine.
Combined with an AuthCode they can install agents and assign them to their company without login in with their own account in the installer.

Hello @Jos Meijer, thank you for your reply.

A separate authcode was one of the win’s I was looking for, but I am a little reluctant to go for a “hack” to get this to semi-work.

So I think I will revert to the old ways using security roles and groups, and for now just accept the limitation of only one organization level.

Kjell Erik Furnes