Knowledge Base

Back to support overview

Conditional Access in a multitenancy organization allows a parent company to control how users and devices connect across multiple companies within the same organizational structure. This setup helps organizations enforce consistent security policies while collaborating with external partners or managing child subsidiaries. Using organizational rules, tenant managers can define who can connect, under which conditions, and between which companies.

This article applies to all TeamViewer Tensor license holders with the Conditional Access add-on, as well as Tensor Pro and Tensor Unlimited license holders.

Prerequisites and requirements

Before you start, make sure the following prerequisites and requirements are met:

  • At least two companies are connected through a multitenancy relationship

  • Conditional Access is available and enabled for the involved companies

  • Access to at least one child company by a Tenant manager, who is a user that can access one or more child companies within a multitenancy setup, and must have sufficient permissions to manage organizational Conditional Access rules

  • An active license with the Conditional Access add-on

  • Manage permission for Shared control

  • TeamViewer client version 15.5 or later

  • DNS or IP address of the dedicated Conditional Access router

Related resources

For background information, see the following articles:

  1. Setting up company multitenancy
  2. Configuration of the client and the firewall for Conditional Access
  3. Best practices for network configuration in a Conditional Access environment

Organizational rules and shared control

In a shared control scenario, a Conditional Access rule defines which users and devices from one company can connect to users and devices in another company, and under which conditions. These rules are called organizational rules.

How to add an organizational Conditional Access rule

  1. Go to Conditional Access.
  2. Click Add rule.
  3. Select Organization.

If your company uses both multitenancy and Conditional Access, you see two rule types:

  • Internal for rules within your own company
  • Organization for rules between different companies

To create an organizational rule, select the source company and the target company for which the rule applies.

How to configure rule options

When you create an organizational rule, the following rule options are available but disabled by default:

  • Approval
  • Feature
  • Time

If you save the rule without enabling any of these options, the rule uses the default values for each option.

How to add an expiration date

Like internal Conditional Access rules, organizational rules can include one or more expiration dates. These dates define when the rule is active.

You can add multiple expiration periods to the same rule.

How to save and view organizational rules

  1. Click Save in the top-right corner to create the rule.
  2. In the Conditional Access rule table, click Filter by.
  3. Select Organization from the Type dropdown.
  4. Select the source company and target company.
  5. Click Apply.

The table will now show all organizational rules between the selected companies.