You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/policies/gateway/managed-service-providers.mdx
+14-4Lines changed: 14 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,20 +9,30 @@ sidebar:
9
9
Only available on Enterprise plans. For more information, contact your account team.
10
10
:::
11
11
12
-
Gateway supports the [Cloudflare Tenant API](/tenant/), which allows Cloudflare-partnered managed service providers (MSPs) to set up and manage Cloudflare accounts and services for their customers. Tenants can create Zero Trust deployments with centralized Gateway policy control and account-level overrides.
12
+
Gateway supports the [Cloudflare Tenant API](/tenant/), which allows Cloudflare-partnered managed service providers (MSPs) to set up and manage Cloudflare accounts and services for their customers. With Tenant, MSPs can create Zero Trust deployments with global Gateway policy control. Policies can be customized or overridden at a organization group or account level.
13
13
14
-
The Tenant platform only supports creating Gateway DNS policies.
14
+
The Tenant platform only supports Gateway DNS policies.
15
+
16
+
## Get started
17
+
18
+
{/* <!-- How much of the policy creation flow do we need to surface here? --> */}
19
+
20
+
To set up the Tenant API, refer to [Get started](/tenant/get-started/).
21
+
22
+
Once you have provisioned your customer's Cloudflare accounts, you can create [DNS policies](/cloudflare-one/policies/gateway/dns-policies/).
15
23
16
24
## Account types
17
25
18
-
The Gateway Tenant platform supports parent-child and siloed accounts. Each account type offers different benefits based on organizational needs.
26
+
The Gateway Tenant platform supports parent-child and siloed accounts.
19
27
20
28
### Parent-child accounts
21
29
22
-
A hierarchical model where a parent account enforces global security policies that apply to all child accounts. Child accounts can override or supplement policies as needed while remaining under the parent account's management.
30
+
In a parent-child configuration, a top-level parent account enforces global security policies that apply to all child accounts. Child accounts can configure, override, or add policies as needed while still managed by the parent account.
23
31
24
32
Parent account policy is evaluated before a child account policy. If the parent policy has selected 'allow child bypass' the child can override the parent policy.
25
33
34
+
{/* <!-- Where is the 'Allow child bypass' setting? Do we need to surface this publicly? --> */}
35
+
26
36
### Siloed accounts
27
37
28
38
Each account operates independently within the same tenant. Each account manages its own security policies, resources, and configurations separately.
0 commit comments