Multi-Tenancy
Multi-tenancy allows a single ProxCenter instance to serve multiple isolated organizations, teams, or customers. In the MSP / IaaS model, tenants consume one or more virtual datacenters while the provider keeps a global operational view of the shared Proxmox infrastructure.
Overview
Without multi-tenancy, all users in a ProxCenter instance operate in the same provider workspace. With multi-tenancy enabled, users, resources, backups, events, alerts, tasks, and reports are scoped by tenant and vDC.
This supports two common models:
- Dedicated infrastructure -- A tenant owns one or more Proxmox connections.
- Shared infrastructure -- Multiple tenants share the same Proxmox cluster, with isolation enforced through vDC pools, SDN networks, quotas, and PBS namespaces.
Enabling Multi-Tenancy
- Navigate to Settings > Tenants with a provider administrator account.
- Enable multi-tenancy.
- Review the default provider tenant created for existing resources.
- Create customer or team tenants.
- Create vDCs for each tenant and assign pools, networks, quotas, and backup bindings.
Enabling multi-tenancy changes the access model for the whole instance. Plan tenant ownership, provider administrators, vDC quotas, and backup isolation before onboarding customer users.
Managing Tenants
Creating a Tenant
- Go to Settings > Tenants.
- Click Add Tenant.
- Provide a name and optional description.
- Create or assign the tenant's vDC.
- Invite users and assign roles.
Tenants are created without broad provider access. A tenant user only sees the resources granted through their tenant and vDC assignments.
Tenant Lifecycle
Tenant status uses explicit operational states:
| Status | Description |
|---|---|
| Active | Users can log in and use assigned resources |
| Locked | Login is blocked, but tenant data and assignments are preserved |
Use Locked when suspending access for billing, security review, or offboarding while keeping the tenant configuration intact.
Assigning vDCs
vDCs are the preferred resource boundary for MSP and IaaS deployments. A vDC defines:
- Proxmox pool membership
- Allowed nodes, storages, bridges, VNets, and subnets
- CPU, RAM, storage, snapshot, and backup quotas
- PBS namespace and backup job boundaries
- Datacenter assignment for Green IT metrics
See Virtual Datacenters for the full workflow.
Assigning Users
Users can be assigned to one or more tenants. Their role applies inside the assigned tenant scope.
| User Type | Tenant Access |
|---|---|
| Super Admin | Provider-level access to every tenant and tenant configuration |
| Tenant Admin | Administrative access inside assigned tenant scopes |
| Tenant User | Access based on role permissions inside assigned tenant scopes |
Super admins are pinned to every tenant by design, so provider administrators cannot accidentally lose visibility by switching away from the provider tenant.
Cross-Tenant Users View
Provider administrators can use the cross-tenant users view to list every user across all tenants. This view shows tenant assignments, role propagation, and account status from one page, which is useful for MSP support teams managing many customer accounts.
Tenant administrators only see users within their own tenant scope.
Data Isolation
Multi-tenancy enforces tenant boundaries across shared services:
- Inventory -- Tenants see only resources in their assigned vDC pools.
- Deployments -- Tenant requests are rejected when they reference foreign nodes, storages, bridges, VNets, subnets, or pools.
- Backups -- PBS archives and PVE backup jobs are scoped to the tenant's PBS namespace and vDC pool.
- Events and Tasks -- Operational activity is filtered by tenant visibility.
- Reports and Alerts -- Generated and displayed within tenant boundaries.
- Audit Logs -- Tenant actions remain attributable, while provider administrators can review activity across tenants.
Tenant isolation also applies when several tenants share the same Proxmox node or cluster.
Switching Tenants
Users assigned to multiple tenants can switch between them using the tenant selector in the top navigation bar. Switching tenants changes visible vDCs, resources, backups, alerts, events, and reports immediately.
Settings Visibility
Provider-only settings remain hidden from vDC tenants. Enterprise tabs such as LDAP, OIDC, white-label, notifications, and platform alerts are shown only when they are relevant to the current user and license.
Use Cases
MSP (Managed Service Provider)
Create one tenant per customer and one or more vDCs per service tier or region. Customer users manage their own VMs, backups, restores, and quotas without seeing other customers on the same Proxmox platform.
IaaS Platform
Expose self-service VM deployment, network assignment, and backup operations to tenants while retaining provider control over clusters, storage, network ranges, and physical datacenter placement.
Enterprise Teams
Create tenants per department, project, or environment. The infrastructure team manages shared capacity, while each team sees only its assigned vDC.
Multi-Tenancy is available in the Enterprise edition and requires the MULTI_TENANCY feature flag in your license.
Permissions
| Permission | Description |
|---|---|
super_admin | Required to manage all tenants and provider-wide configuration |
tenant.manage | Create, edit, lock, and assign tenants |
tenant.view | View tenant configuration and user assignments |