Managing fleets of embedded devices across multiple customers, teams, or product environments is a significant challenge that grows more complex as an organization's market share scales. Each tenant requires a different level of access, varying security policies, and its own set of workflows. Without proper separation in place, organizations experience fragmented user management, siloed configurations, and an increased risk of error or data leakage.
With the release of Mender Server 4.0, the Service Provider tenant stands to overhaul multi-tenancy within Mender. The Service Provider tenant enables streamlined management of multiple isolated environments, all from a centralized interface. Within the Service Provider tenant, there are new enhancements to single sign-on (SSO) capabilities, aimed at enhancing the user experience of multi-tenancy.
The SSO improvements in Mender Server 4.0 complement the Service Provider tenant, making it easier to govern access, strengthen security, and support seamless automation across tenants.
The evolution of multi-tenancy
With Mender Server 4.0, multi-tenancy capabilities are elevated through the introduction of the Service Provider tenant. The Service Provider tenant makes tenant separation more accessible through a dedicated interface and a two-level hierarchy that adds an entirely new layer of control and scalability.
- At the top level is the Service Provider admin tenant, which has visibility across multiple child tenants.
- Each child tenant operates independently and securely, with its own devices, users, update artifacts, and automation rules.
The new Service Provider architecture is purpose-built for organizations that need to manage large, complex, or segmented environments—whether they’re supporting multiple external clients, internal development teams, or a mix of staging and production deployments.
The Service Provider tenant simplifies the governance of these environments, offering intuitive controls to set per-tenant device limits, assign or revoke admin rights, and maintain clear separation between environments without sacrificing central oversight. Tenant separation is a powerful foundation for scaling securely—but managing the users who interact with these tenants still demands an efficient, unified approach. To manage users without duplicating accounts across tenants, the Service Provider tenant introduces SSO integration that spans tenants for the users who need it.
User management at scale
User access management often becomes a large issue for OEMs as device fleets grow and diversify. Without a unified strategy, managing users across isolated tenants can lead to duplicate accounts, inconsistent permissions, and greater administrative overhead, which ultimately threatens the security of operations and devices.
This is particularly true in multi-tenant environments, where each tenant might need its own set of administrators, developers, or automation systems. For example:
- A managed service provider may onboard dozens of clients, each requiring secure, isolated access to their own devices.
- A large enterprise might need to split access between development, QA, and production environments.
- A contractor may need short-term access to a specific tenant without exposing sensitive data in others.
In these scenarios, SSO is critical in reducing redundancies and ensuring streamlined and correct access for users while also:
- Provisioning and de-provisioning users from a single source of truth
- Applying group-based access control policies consistently across all environments
- Reducing the risk of password fatigue and credential reuse
- Ensuring compliance with internal security standards and audit requirements
Today, Mender supports SSO through SAML (Security Assertion Markup Language) and OpenID Connect federated authentication. Instead of managing separate login credentials for each tenant or across solutions, users authenticate once and gain access to all authorized environments—saving time, reducing support tickets, and improving the overall security posture.
Leveraging a SAML SSO foundation
Mender supports SSO through SAML—a well-established and widely adopted protocol in enterprise identity management. SAML integration allows organizations to authenticate users through their existing identity provider, enabling centralized control over who accesses Mender and under what conditions. The approach allows:
- Simplified onboarding – New users can be granted access through existing supported directories, like Azure, Microsoft, or Google, without needing to manage additional Mender credentials.
- Stronger security – Credentials remain with the identity provider, reducing exposure to breaches, errors, and mismanagement.
- Streamlined audits – IT and security teams can trace access and permission changes through their central identity system, easing compliance with internal and external requirements.
SAML support is a key enabler of scalable user management. It reduces friction for DevOps and IT teams, empowers security administrators, and makes it easier to extend access to distributed teams, contractors, and partners or service providers.
Modernized SSO support for multi-tenancy
The enhanced SSO capabilities in Mender Server 4.0 support modern workflows and evolving enterprise needs. These SSO updates aim to introduce new ways to manage secure access while improving the overall user experience for authorized users in the Service Provider interface.
Personal Access Tokens (PATs) for SSO users
PATs serve as secure, revocable tokens that allow systems—like CI/CD pipelines or automated deployment tools—to interact with Mender without requiring user credentials. Mender Server 4.0 extends PAT capabilities to SSO-authenticated users. Now, organizations that rely on identity providers for centralized user management can issue PATs tied to the same identities. PATs for SSO users create a seamless blend of human and machine access that aligns with modern DevOps practices.
Benefits:
- Automated workflows securely interact with Mender without exposing passwords.
- Tokens can be scoped, rotated, and revoked easily for SSO users.
- Organizations support advanced automation while maintaining centralized control.
OpenID Connect federated authentication
Mender 4.0 also introduces support for OpenID Connect (OIDC)—a modern, REST-friendly authentication protocol built on OAuth 2.0. OIDC is increasingly favored for its ease of implementation, better integration with cloud-native applications, and broader ecosystem support compared to SAML.
With OIDC support, Mender becomes compatible with a wider range of popular identity providers, including Auth0, Google Identity, Amazon Cognito, Keycloak, and more.
For teams building microservices, serverless applications, or cloud-native IoT platforms, OIDC is often the preferred choice for SSO because it offers centralized authentication and improved scalability. Furthermore, OIDC simplifies token-based authentication, making it easier to manage sessions, access levels, and identity across a distributed system.
Together, these two enhancements—PATs and OIDC for SSO users—bolster Mender’s overall security, allowing teams to enforce modern security best practices while ensuring flexibility, scalability, and central control to manage embedded device fleets at scale, in traditional or
Real-world use cases: SSO with the Service Provider tenant
The combination of enhanced SSO support and the new Service Provider tenant unlocks a wide range of practical, real-world use cases for organizations managing embedded devices across multiple environments.
Managed Service Providers (MSPs)
An MSP supporting dozens—or even hundreds—of customers can use the Service Provider tenant to isolate each customer environment while maintaining a centralized management view. With SSO:
- Each customer’s team can log in through their own identity provider or domain-specific configuration.
- MSP administrators can easily onboard or revoke access to internal staff or external contractors using group policies in a central directory.
- PATs enable the MSP’s CI/CD infrastructure to securely deploy updates across tenants without manual intervention.
Large enterprises with internal segmentation
An enterprise managing both staging and production environments, or operating across multiple business units, can leverage child tenants to separate these environments. With SSO:
- Developers, QA teams, and operations staff get access only to the environments they’re authorized to manage.
- Access policies remain consistent with corporate identity standards, including multi-factor authentication and single-point user deactivation.
- PATs ensure that automated systems can upload artifacts or monitor updates, even when tied to SSO-managed user accounts.
Contractors and temporary access
When bringing in a third-party developer or auditor, it’s important to ensure they only access what’s necessary—and only for as long as needed. With Mender’s SSO enhancements:
- Access is granted through the main identity provider, allowing time-boxed permissions via group policies or expiration rules.
- There’s no need to manage separate credentials in Mender.
- Once the contractor’s directory access is revoked, their access to all Mender tenants is automatically terminated.
The Service Provider tenant tailors Mender to different environments while keeping data and deployments separated where they need to be. The updated SSO support in Mender Server 4.0 enhances the Service Provider tenant, allowing organizations to maintain strong security, operational agility, and scalability, all with a secure and streamlined end user experience.
Enabling scalable, secure access for modern IoT operations
As embedded device deployments grow in complexity, separation across multiple environments, customers, or user roles becomes the norm. Secure, centralized, and scalable management is then non-negotiable, whatever the complexity of the environments being separated. With the introduction of the Service Provider tenant and significant SSO enhancements in Mender Server 4.0, organizations have the tools to confidently scale without compromising control or security. The Service Provider tenant supplies the framework for secure tenant separation, while the SSO enhancements enable secure and simple access control across environments.
Read more about Mender’s Multi-tenancy and SSO support in the documentation.