How do I create a tenant?
Short answer
Section titled “Short answer”Open Administration → Tenant Management, click “Create tenant”, and provide a name, slug, license tier — as well as the owner’s details (email, username, name, password). A tenant is never created empty: the owner is its first administrator. Once saved, the tenant is active immediately and the owner can sign in.
Requirements
Section titled “Requirements”Check beforehand under Administration → License how many tenants your license
allows (max_tenants; Community: 1, Enterprise: unlimited). The chosen tenant plan
must not be higher than the installation’s plan.
Instructions
Section titled “Instructions”-
Open Tenant Management. Administration → Tenant Management. You’ll see all tenants with their slug, license tier, and owner. Click “Create tenant”.
Screenshot pendingadmin-mandanten-01Tenant management with the tenant list and the 'Create tenant' buttonTenant management, with the 'Create tenant' button. -
Fill in the tenant and owner. Required fields:
- Name — the tenant’s display name (e.g. “ACME GmbH”).
- Slug — a technical short name, lowercase letters, digits and
-only (e.g.acme-gmbh). Must be unique. - License tier — the tenant’s plan (Community, Basic, Professional, Elite, Enterprise).
- Owner — the email, username, full name, and password of the first administrator. The same rules apply to this account as when creating a user.
Optional: logo URL, primary/secondary color (branding), and max. assets.
Screenshot pendingadmin-mandanten-02'Create tenant' form with name, slug, license tier and the owner fieldsA tenant is always created together with its owner (first administrator). -
Save. The tenant appears in the list — including the owner’s e-mail. The owner signs in with the credentials you set and configures their tenant (users, branding, optionally SSO).
Via the REST API: POST /api/v1/tenants with the tenant and the embedded owner
object (required). The caller needs administrator rights and the write scope.
curl -X POST https://demo.notory.io/api/v1/tenants \ -H "Authorization: Bearer inv_dein_token" \ -H "Content-Type: application/json" \ -d '{ "name": "ACME GmbH", "slug": "acme-gmbh", "license_tier": "professional", "primary_color": "#1a73e8", "secondary_color": "#ffffff", "owner": { "email": "admin@acme.example", "username": "acme-admin", "full_name": "ACME Administrator", "password": "Sicheres-Startkennwort-2026" } }'On success, the API responds with 201 Created and the tenant including its owner:
{ "id": "018f9c11-2b3c-7d44-8e5f-6a7b8c9d0e1f", "name": "ACME GmbH", "slug": "acme-gmbh", "license_tier": "professional", "max_assets": 100, "is_active": true, "require_2fa": false, "subscription_status": "none", "owner_email": "admin@acme.example", "owner_name": "ACME Administrator", "created_at": "2026-07-08T10:02:41Z", "updated_at": "2026-07-08T10:02:41Z"}Possible errors: 403 (tenant limit reached: “Tenant limit reached (N) for your
’…’ license” — or the requested plan is higher than the installation’s plan), 409
(slug, owner email, or username already taken), 422 (unknown license tier, invalid
slug).
What happens behind the scenes?
Section titled “What happens behind the scenes?”- Capacity check first. Before creating the tenant, Notory checks the product
license’s tenant limit (
max_tenants). If it’s reached, the call ends with403— including an upgrade hint. - Plan validation. An unknown license tier is rejected with
422; a tier above the installation’s license with403(“does not permit creating a tenant on the higher ’…’ plan”). Either way, the effective plan is always the intersection. - Owner account included. Along with the tenant, its first administrator is
created (role
admin, within the new tenant). Password rules and Argon2id hashing follow the normal user creation process; the email/username must be free system-wide. - Isolated immediately. From the very first second, tenant isolation applies: the new tenant sees exclusively its own data.
- Deletion is drastic.
DELETE /api/v1/tenants/{id}irrevocably removes the tenant and all of its data (which is why the GUI requires typing the slug to confirm). Only audit log entries are retained. You cannot delete your own tenant.