Skip to content
Accounts module/
/
Create an account (tenant...

Account Management Overview

Frontegg is built with multi-tenancy in mind, allowing the creation and management of multiple accounts (tenants) within an environment. This section provides an overview of relevant API endpoints, organized into Management and Self-Service categories, supporting the creation of accounts, hierarchies, and sub-accounts.

Management Endpoints: Require environment-level authorization and offer full control over resources, including SSO (SAML and OIDC) configurations, account hierarchies, and sub-accounts.

Self-Service Endpoints: Accessible with a user token (JWT), enabling users with the appropriate permissions to create, update, and delete sub-accounts from ah hierarchy.

Download OpenAPI description
Users, Auth and Security
Single Sign-On
SCIM Provisioning
Entitlements
Entitlements Agent
Accounts (Tenants)
Languages
Servers
EU Region
https://api.frontegg.com/tenants/
US Region
https://api.us.frontegg.com/tenants/
CA Region
https://api.ca.frontegg.com/tenants/
AU Region
https://api.au.frontegg.com/tenants/
Frontegg sub-domain for use with user tokens
https://{domain}.frontegg.com/tenants/

Accounts

Operations

Delete account (tenant)

Request

Remove an account (tenant) and all its users. If the account is part of a hierarchy, all sub-accounts are reassigned to the deleted account's parent. Requires an environment token obtained from the environment authentication route.

Security
bearer
Path
tenantIdstringrequired
curl -i -X DELETE \
  'https://api.frontegg.com/tenants/resources/tenants/v1/{tenantId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

When the given account (tenant) doesn't exist.

Create an account (tenant)

Request

Create a new account (tenant). If an account with the given ID previously existed and was removed, this action will reactivate that account. Requires an environment token obtained from the environment authentication route.

Security
bearer
Bodyapplication/jsonrequired
tenantIdstring

Send your own unique tenantId or Frontegg will auto-generate a UUID

namestring
statusstring

This field can be used for custom logic, it is not enforced in Frontegg flows

websitestring
applicationUrlstring
logostring

Base64-encoded image to use as logo.

logoUrlstring
addressstring
timezonestring
currencystring
creatorNamestring
creatorEmailstring
isResellerboolean
parentTenantIdstring
curl -i -X POST \
  https://api.frontegg.com/tenants/resources/tenants/v1 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "tenantId": "string",
    "name": "string",
    "status": "string",
    "website": "string",
    "applicationUrl": "string",
    "logo": "string",
    "logoUrl": "string",
    "address": "string",
    "timezone": "string",
    "currency": "string",
    "creatorName": "string",
    "creatorEmail": "string",
    "isReseller": true,
    "parentTenantId": "string"
  }'

Responses

When the account (tenant) ID does not pass the validation.

Delete current account (tenant)

Request

Delete the current account (tenant) and all users belonging to that account.

Only users with the fe.account-settings.delete.account permission can perform this action.

A user token is required for this route and can be obtained after user authentication.

Security
bearer
curl -i -X DELETE \
  https://api.frontegg.com/tenants/resources/tenants/v1 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

When current account (tenant) has been removed.

Sub-accounts and hierarchy

Operations

Account migration

Operations

Account settings

Operations

Sub-accounts

Operations