Creating companies

To create a company account:

  1. Go to the Companies page.

  2. Click the add.pngAdd button at the upper side of the table.

  3. Fill in the information in the below screens.

  4. Click Save to create the company account. The new account will appear in the company accounts list.

    If you have also configured the user account linked to the new company, an email with the login details is instantly sent to the provided email address.

Once the company and user accounts have been created, your client can start using GravityZone.

Fill in the information in these fields:


Fields marked with * are mandatory.

Basic company details

  • Company name - enter the name of the new company.

  • Company type - select the type of company account:

    • Partner, if the company is a security or service provider and uses GravityZone to protect its business clients, or it is local distributor of GravityZone.

    • Customer, if the company uses GravityZone to protect just its own network.

  • Country - select the country the company is based in.

  • Field of activity - the main field of activity the company operates in.

Security management option

  • The company manages endpoint security - check this box if you want this company and the companies under it to be able to manage endpoint security directly. By default, this option grants the following permissions to the new company:

    • View the computer network

    • Install security agents

    • Create and manage security policies

    • Run tasks

    • Manage quarantine.


    For Customer companies, these permissions cannot be revoked because the Customer must have access to its own network.

    For Partner companies that are MSPs, this option must remain enabled, as they need these permissions to manage security of their clients' networks.

    Deselect the check box, if the Partner company is a service reseller only. In this case, the Partner can still create other company accounts, manage subscriptions and view reports.

  • The company's Partner can assist with the security management - check this box if you want this company's partner to have access to managing endpoint security directly. If this box is not checked:

    • The company will still appear in the Network page, but its network will be invisible to its partner.

    • The company's partner will be able to manage its subscription further on.

    • The company's partner will be able to enforce two-factor authentication even though they cannot manage its user accounts.

    • The company's partner will be able to create only specific reports, which do not disclose network information.


    Once disabled, only users from the created company can restore this option from the My Company page.

Primary account



This section is optional if The company's Partner can assist with the security management option has been checked.

  • Full name - enter the user's name and surname.

  • Email address - enter the user's email address.

  • Timezone - the timezone the user is working under.

  • Language - user's preferred language for the GravityZone interface.

You can view and manage the user account afterwards in the Accounts page. For more details, refer to User Accounts.

Additional company details



This section is optional.

  • Registered address - Enter the physical address of the company’s office

  • Phone number - enter the company's official phone number.

  • Logo. You can add the company's logo image. All reports and email notifications issued for this company will include the logo image.

    To add the company’s logo:

    1. Click the Change button.

    2. Browse for the image logo on your computer.

    3. Click Open.

    To reset the logo to the image provided by Bitdefender, click the Default button.


Click the Next button in the lower right side of the screen to proceed to the next screen.

Fill in the information in these fields:


Fields marked with * are mandatory.

Login security

  • Enforce two-factor authentication.

    The two-factor authentication (2FA) adds an extra layer of security to GravityZone accounts, by requiring an authentication code in addition to Control Center credentials.

    This feature requires downloading and installing the Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator app - compatible with the standard RFC6238 - on the user's mobile device, then linking the app to the GravityZone account and using it with each Control Center login. The Authentication app generates a six-digit code each 30 seconds. To complete the Control Center login, after entering the password, the user will have to provide also the six-digit authentication code.

    Two-factor authentication is enabled by default when creating a company. After that, at login, a configuration window will prompt users to enable this feature. Users will have the option to skip enabling 2FA for three times only. At the fourth login attempt, skipping the 2FA configuration will not be possible and the user will not be allowed to log in.

    If you want to deactivate the 2FA enforcement for all GravityZone accounts in your company, just uncheck the option. You will be prompted with a confirmation message before the changes come into effect. From this point on, users will still have 2FA activated, but they will be able to deactivate it from their account settings.


    • You can view the 2FA status for a user account in the Accounts page.

    • If a user with 2FA enabled cannot log in to GravityZone (because of new device or lost secret key), you can reset its two-factor authentication activation from the user account page, under Two-factor authentication section. For more details, refer to User Accounts.

  • Set maximum password age to 90 days.

    This option enables the password expiration policy. Users need to change their passwords sooner than the specified age. Otherwise, they will not be able to log in to GravityZone anymore.

  • Lock out accounts after 5 login attempts with invalid passwords.

    This option limits the number of consecutive invalid passwords to prevent attacks. When the counter reaches the threshold, the account is locked out and the user needs to reset their password.

    The policy applies to the accounts created in GravityZone.

    A notification will be sent out to all company’s users when the account lockout option is being enabled on a certain company.

Configure single sign-on using SAML


GravityZone supports service provider(SP) initiated single sign-on (SSO) as a simple and secure alternative to the classic login with username and password.

This method requires integration with 3rd party identity providers (IdP) using SAML 2.0, such as AD FS, Okta, and Azure AD, that authenticate GravityZone users and provide them access to Control Center.

This is how GravityZone SSO works:

  1. Users enter their email addresses in the GravityZone login page.

  2. GravityZone creates a SAML request and it forwards the request and the users to the identity provider.

  3. Users are required to authenticate with the identity provider.

  4. After authentication, the identity provider sends a response to GravityZone in the form of an XML document signed with an X.509 certificate. Also, the identity provider redirects users to GravityZone.

  5. GravityZone retrieves the response, validates it with the certificate fingerprint, and allows users to log in to Control Center with no other interaction from them.

Users continue to automatically log in to Control Center as long as they have an active session with the identity provider.

To enable SSO for a company, you need to do the following:

  1. Configure the identity provider to use GravityZone as service provider. For supported identity providers and configuration details, refer to this article.

  2. In the company details page, under Configure single sign-on using SAML, enter the identity provider metadata URL in the corresponding box.

  3. Configure users under the company to authenticate with their identity provider. For details, refer to Managing User Authentication Methods.

To disable single sign-on for a company you manage, delete the identity provider metadata URL.

After disabling single sign-on for a company, users will automatically switch to log in with GravityZone credentials. Users can obtain new passwords by clicking the Forgot password? link on the Control Center login page and following the instructions.

After re-enabling SSO for a company, users will continue to log in to Control Center with GravityZone credentials. You need to configure manually each account to use SSO again.


Click the Next button in the lower right side of the screen to proceed to the next screen.

The available fields and options in this screen will differ depending on one or more of the following:

  • If you are creating a Partner or a Customer company.

  • Your company's license.

  • The type of license you select in the Options field.


Configure the company’s subscription settings. Choose the option that is in accordance with your business agreement.


Depending on your company's license, you will have access to one or more of these options.


This option assigns an automatically generated trial license key to the new company. The trial is valid for 30 days and it is free. During trial, the company can test the GravityZone features.


The trial provides features equivalent with a GravityZone Elite license along with the following add-ons:

  • GravityZone Full Disk Encryption

  • GravityZone Patch Management

  • GravityZone Security for Storage

  • GravityZone Email Security

Monthly License Trial

This option assigns an automatically generated monthly trial license key to the new company. The trial is valid for 30 days and it is free. During trial, the company can test the GravityZone features.


The trial provides features equivalent with a GravityZone Cloud MSP Security license.

The company can test the Bitdefender protection for the next 45 days, on maximum 25 endpoints (Endpoint Security), and on maximum 25 mailboxes (Email Security).


This option is for prepaid subscriptions, valid for one or more years. Also, you have the option to enter and manage add-on keys.

  1. Enter the license key for the client's chosen subscription.

  2. Click the Check validity button and wait until GravityZone checks the license key. If valid, Control Center displays the expiry date and the seat capacity of the license.

  3. Enter an add-on key.

  4. Click the Add button and wait until GravityZone checks the add-on key. If valid, Control Center displays the add-on type, and the key.

You can add different types of add-ons by repeating the steps above.

If you want to remove an add-on, click the inline remove.pngDelete icon.

Monthly subscription

This option assigns a subscription to the new company, which is invoiced monthly, based on the services usage. At 00:00 GMT of each first day of a month, all usages are reset to zero. For details on how service usage is calculated, refer to Calculate the endpoint usage with the Monthly License Usage report.


This option is available only if you have a monthly license key from Bitdefender, or if you inherit a monthly license from your Bitdefender partner.

Configure the monthly subscription settings, if needed. You can find them described herein:

  • Product type

    For companies with monthly subscription, you can select the type of security agent to install on endpoints. The following product types are available:

    • Endpoint Security, the fully-featured security solution, with all modules available for deployment on endpoints.

    • Bitdefender EDR, a lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems that can run alongside any third-party protection platform.

  • Subscription preferences

    • Reserved seats

      With this setting turned on, the company has a limited number of seats at disposal.


      This method requires you to use seat reservation yourself.

      Choose this method in case:

      • You deliberately want to limit the number of seats that the company can use.

      • The company wants to have seats available at any time.


      If this setting is turned off, Shared license seats will be automatically activated.

      Any agent installation that exceeds the allocated number of seats enters in free trial till the end of the next month. If you do not extend the reservation, when trial ends, the agent expires and the endpoint is no longer protected.

      To reserve seats for the new company:

      1. Select the Reserve seats check box.

      2. Enter the number of seats you want to reserve in the near field. Once the number changed, you can view how many seats are still available to reserve.

    • Shared license seats


      This setting is enabled by default when the Reserved seats settings is turned off. It is not visible in the Licensing screen.

      When installed, the agent uses a seat from a pool of license seats shared with other companies, including your own company. The owner of the seats pool is the first Partner above the new company in the hierarchy of company accounts which uses reservation or, in its absence, Bitdefender.

      No configuration is needed in this case.

      This method ensures flexibility, but increases competition between companies for the same number of seats.

    • Add subscription end date

      Turning on this setting will allow you to configure an end date for the monthly subscription of the managed company. After reaching the end date, the company is suspended, the security agents expire and the endpoints are no longer protected. If this option is not selected, then the company’s monthly subscription will not have an end date.

    • Set auto-renewal

      Turn on this option to ensure protection after the subscription end date. This option will extend the subscription for a configurable period (in months).

      A company inherits the subscription end date from its parent, unless it has own end date configured. A child company can surpass the subscription end date of its parent only if the parent company has Auto-renewal enabled.

    • Select minimum usage

      With this setting turned on, you can set a number of endpoints that the company intends to use. The minimum usage will be the basis for regular billing, regardless of the month-to-month variations, as long as it is not exceeded. If the company deploys more endpoints than indicated, then the minimum usage is ignored and the billing takes into account the actual usage.

      The minimum usage consumes license seats and it cannot exceed the reserved seats.

  • Product types to assign further.

    Use this option when you want to create child companies that will use a different product type than the Partner company:

    • Endpoint Security - select this check box to allow child companies to use the fully-featured security solution.

    • Bitdefender EDR - select this check box to allow child companies to use the Endpoint Detection and Response solution.

    For details on how to migrate from using Bitdefender EDR standaloneto the full Cloud Security for MSP suite, refer to Bitdefender EDR standalone for MSP.

  • Add-ons

    Select all Add-ons you want to enable for the new company.


    Each service comes with an additional fee based on usage. Enabling the service will add the fee to your monthly subscription.

    You can view the usage details in the Monthly License Usage report. Learn how to calculate the monthly usage from Calculate the endpoint usage with the Monthly License Usage report.

  • Custom fields

    Using Custom Fields page you can manage, import and export custom fields used to store third party or other custom data and facilitating billing automation. These fields are only visible if the company's partner has at least one custom field activated.


    For more information on custom fields refer to Managing custom fields