Editing companies

You can adjust a company account settings at any time.

To edit a company account:

  1. Go to the Companies page.

  2. Click the company you want to edit.

  3. Edit the company details:

    • Company Name. Enter the name of the new company. The company name must be unique.

    • Address. Enter the physical address of the company’s office. This information is optional.

    • Country. Enter the country where the company is located.

    • Field of activity. The field of activity the company operates in.

    • Phone. You can add a phone number to contact the company.

    • Logo. You can add the company's logo image. All reports and email notifications issued for this company will include the logo image.

      To add the company’s logo:

      1. Click the Change button.

      2. Browse for the image logo on your computer.

      3. Click Open.

      To reset the logo to the image provided by Bitdefender, click the Defaultbutton.

  4. Enforce two-factor authentication.

    The two-factor authentication (2FA) adds an extra layer of security to GravityZoneaccounts, by requiring an authentication code in addition to Control Center credentials.

    This feature requires downloading and installing the Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator app - compatible with the standard RFC6238- on the user's mobile device, then linking the app to the GravityZone account and using it with each Control Center login. The Authentication app generates a six-digit code each 30 seconds. To complete the Control Center login, after entering the password, the user will have to provide also the six-digit authentication code.

    Two-factor authentication is enabled by default when creating a company. After that, at login, a configuration window will prompt users to enable this feature. Users will have the option to skip enabling 2FA for three times only. At the fourth login attempt, skipping the 2FA configuration will not be possible and the user will not be allowed to log in.

    If you want to deactivate the 2FA enforcement for all GravityZone accounts in your company, just uncheck the option. You will be prompted with a confirmation message before the changes come into effect. From this point on, users will still have 2FA activated, but they will be able to deactivate it from their account settings.


    • You can view the 2FA status for a user account in the Accounts page.

    • If a user with 2FA enabled cannot log in to GravityZone (because of new device or lost secret key), you can reset its two-factor authentication activation from the user account page, under the Two-factor authentication section. For more details, refer to this section.

  5. Set maximum password age to 90 days.

    This option enables the password expiration policy. Users need to change their passwords sooner than the specified age. Otherwise, they will not be able to log in to GravityZone anymore.

  6. Lock out accounts after 5 login attempts with invalid passwords.

    This option limits the number of consecutive invalid passwords to prevent attacks. When the counter reaches the threshold, the account is locked out and the user needs to reset their password.

    The policy applies to the accounts created in GravityZone.

    A notification will be sent out to all company’s users when the account lockout option is being enabled on a certain company.

  7. Configure single sign-on using SAML. GravityZone supports service provider(SP) initiated single sign-on (SSO) as a simple and secure alternative to the classic login with username and password.

    This method requires integration with 3rd party identity providers (IdP) using SAML 2.0, such as AD FS, Okta, and Azure AD, that authenticate GravityZone users and provide them access to Control Center.

    This is how GravityZone SSO works:

    1. Users enter their email addresses in the GravityZone login page.

    2. GravityZone creates a SAML request and it forwards the request and the users to the identity provider.

    3. Users are required to authenticate with the identity provider.

    4. After authentication, the identity provider sends a response to GravityZone in the form of an XML document signed with an X.509 certificate. Also, the identity provider redirects users to GravityZone.

    5. GravityZone retrieves the response, validates it with the certificate fingerprint, and allows users to log in to Control Center with no other interaction from them.

    Users continue to automatically log in to Control Center as long as they have an active session with the identity provider.

    To enable SSO for a company, you need to do the following:

    1. Configure the identity provider to use GravityZone as service provider. For supported identity providers and configuration details, refer to Configuring single sign-on using a 3rd party identity provider.

    2. In the company details page, under Configure single sign-on using SAML, enter the identity provider metadata URL in the corresponding box.

    3. Configure users under the company to authenticate with their identity provider. For details, refer to Configuring single sign-on using a 3rd party identity provider.

    To disable single sign-on for a company you manage, delete the identity provider metadata URL.

    After disabling single sign-on for a company, users will automatically switch to log in with GravityZone credentials. Users can obtain new passwords by clicking the Forgot password?link on the Control Center login page and following the instructions.

    After re-enabling SSO for a company, users will continue to log in to Control Center with GravityZone credentials. You need to configure manually each account to use SSO again.

  8. Under License, configure the type of company, license, and related settings.

    • Company type. Select the type of company account:

      • Partner, if the company is a security or service provider and uses GravityZone to protect its business clients, or it is local distributor of GravityZone.

      • Customer, if the company uses GravityZone to protect just its own network.

    • Manage networks. By default, this option grants the following permissions to the new company:

      • View the computer network

      • Install security agents

      • Create and manage security policies

      • Run tasks

      • Manage quarantine

      For Customer companies, these permissions cannot be revoked because the Customer must have access to its own network.

      For Partner companies that are MSPs, this option must remain enabled, as they need these permissions to manage security of their clients' networks.

      Deselect the check box, if the Partner company is a service resellers only. In this case, the Partner can still create other company accounts, manage subscriptions and view reports.

    • Allow your partner to assist with the security management of this company.By default, you can manage endpoint protection for this company. If the company wants to manage protection by itself, then deselect this option. Consequently:

      • The company will still appear in the Network page, but its network will be invisible to you.

      • You will be able to manage its subscription further on.

      • You will be able to enforce two-factor authentication even though you cannot manage its user accounts.

      • You will be able to create only specific reports, which do not disclose network information.


      Once disabled, this option cannot be restored.

    • License type. Configure the company’s subscription settings. Choose the option that is in accordance with your business agreement:

      • Trial. This option assigns an automatically generated trial license key to the new company. The trial is valid for 30 days and it is free. During trial, the company can test the GravityZonefeatures.


        The trial covers all features except Sandbox Analyzer, HyperDetect and EDR. For these features only demos are available.

      • License. This option is for prepaid subscriptions, valid for one or more years. Also, you have the option to enter and manage add-on keys.

        1. Enter the license key for the client's chosen subscription.

        2. Click the Check button and wait until GravityZonechecks the license key. If valid, Control Center displays the expiry date and the seat capacity of the license.

        3. Enter an add-on key.

        4. Click the Addbutton and wait until GravityZonechecks the add-on key. If valid, Control Center displays the add-on type, and the key.

        You can add different types of add-ons by repeating the steps above.

        If you want to remove an add-on, click the inline remove.pngDelete icon.

      • Monthly subscription.This option assigns a subscription to the new company, which is invoiced monthly, based on the services usage. At 00:00 GMT of each first day of a month, all usages are reset to zero. For details on how service usage is calculated, refer to this KB article.


        This option is available only if you have a monthly license key from Bitdefender, or if you inherit a monthly license from your Bitdefender partner.

        Configure the monthly subscription settings, if needed. You can find them described herein:

        • License seats allocation

          This subscription type uses license seats for security agent deployments. Each security agent consumes one seat.

          You can allocate license seats to the new company using one of these two methods:

          • Shared license seats

            When installed, the agent uses a seat from a pool of license seats shared with other companies, including your own company. The owner of the seats pool is the first Partner above the new company in the hierarchy of company accounts which uses reservation or, in its absence, Bitdefender.

            No configuration is needed in this case.

            This method ensures flexibility, but increases competition between companies for the same number of seats.

          • Reserved license seats

            With this method, the company has a limited number of seats at disposal.


            This method requires you to use seat reservation yourself.

            Choose this method in case:

            • You deliberately want to limit the number of seats that the company can use.

            • The company wants to have seats available at any time.

            Any agent installation that exceeds the allocated number of seats enters in free trial until the end of the next month. If you do not extend the reservation, when trial ends, the agent expires and the endpoint is no longer protected.

            To reserve seats for the new company:

            1. Select the Reserve seatscheck box.

            2. Enter the number of seats you want to reserve in the near field. Once the number changed, you can view how many seats are still available to reserve.

        • Subscription end date

          Use this option to configure an end date for the monthly subscription of the managed company. After reaching the end date, the company is suspended, the security agents expire and the endpoints are no longer protected. If this option is not selected, then the company’s monthly subscription will not have an end date.

          To ensure protection after the end date, select Auto-renewal. This option will extend the subscription for a configurable period (in months).

          A company inherits the subscription end date from its parent, unless it has own end date configured. A child company can surpass the subscription end date of its parent only if the parent company has Auto-renewal enabled.

        • Minimum usage

          With this option, you can set a number of endpoints that the company intends to use. The minimum usage will be the basis for regular billing, regardless of the month-to-month variations, as long as it is not exceeded. If the company deploys more endpoints than indicated, then the minimum usage is ignored and the billing takes into account the actual usage.

          The minimum usage consumes license seats and it cannot exceed the reserved seats.

        • Product type

          For companies with monthly subscription, you can select the type of security agent to install on endpoints. The following product types are available:

          • Endpoint Security, the fully-featured security solution, with all modules available for deployment on endpoints.

          • Bitdefender EDR, a lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems that can run alongside any third-party protection platform.

          Product types to assign further. Use this option when you want to create child companies that will use a different product type than the Partner company:

          • Endpoint Security- select this check box to allow child companies to use the fully-featured security solution.

          • Bitdefender EDR- select this check box to allow child companies to use the Endpoint Detection and Response solution.

          For details on how to migrate from using Bitdefender EDR standaloneto the full Cloud Security for MSP suite, refer to this article.

      • Security services

        Select all security services you want to enable for the new company.


        Each service comes with an additional fee based on usage. Enabling the service will add the fee to your monthly subscription.

        You can view the usage details in the Monthly License Usage report. Learn how to calculate the monthly usage from this KB article.

  9. Click Save to finish editing the company account. The new account will appear in the company accounts list.

    If you have also configured the user account linked to the new company, an email with the login details is instantly sent to the provided email address.