tenant

Manages an Azure Sphere tenant.

Operation                        Description
create                           Creates a new tenant
download-ca-certificate          Downloads the CA certificate for the current tenant
download-ca-certificate-chain    Downloads the CA certificate chain for the current tenant
download-validation-certificate  Downloads the validation certificate for the current tenant, based on the provided verification code
list                             Lists the available Azure Sphere tenants
migrate                          Migrates the current tenant to one that supports role-based access control
select                           Selects the default Azure Sphere tenant to use on this PC
show-selected                    Shows the default Azure Sphere tenant for this PC

create

Creates a new Azure Sphere tenant.

If you already have a tenant and are certain you want another one, use the --force parameter. Currently, you cannot delete an Azure Sphere tenant.

Once the tenant is created, you must give other users roles within the tenant using the azsphere role command.

The azsphere tenant create command works with a locally attached Azure Sphere device. If you attempt the command without a device attached you will receive an error. The device ID is recorded when you create a tenant, and only one tenant can be created per device.

Required parameters

Parameter              Description
-n, --name string      Specifies a name for the tenant.

Optional parameters

Parameter              Description
--force                Forces creation of a new Azure Sphere tenant.
-ip, --deviceip        [Multi-Device] IP address of the device to use for this operation. This is only required when multiple devices are attached. You may specify either a device IP or device location.
-l, --devicelocation   [Multi-Device] FTDI location ID of the device to use for this operation. This is only required when multiple devices are attached. You may specify either a device IP or device location.

Global parameters

Parameter              Description
-v, --verbose          Provides verbose output
-?, --help             Displays help on the command

Example

azsphere tenant create --name "DocExample"

download-ca-certificate

Downloads the certificate authority (CA) certificate for the current Azure Sphere tenant.

The CA certificate is required as part of the device authentication and attestation process.

Required parameters

Parameter              Description
-o, --output filepath  Specifies the path and filename in which to store the CA certificate. The filepath can be an absolute or relative path but must have the .cer extension.

Global parameters

Parameter              Description
-v, --verbose          Provides verbose output
-?, --help             Displays help on the command

Example

azsphere tenant download-ca-certificate --output CA-cert.cer
Saving the CA certificate to 'C:\Users\Test\Documents\AzureSphere\CA-cert.cer'.
Saved the CA certificate to 'CA-cert.cer'.
Command completed successfully in 00:00:03.0547491.

download-ca-certificate-chain

Downloads the certificate authority (CA) certificate chain for the current Azure Sphere tenant as a .p7b file.

Parameter              Description
-o, --output filepath  Specifies the path and file in which to store the CA certificate chain. The filepath can be an absolute or relative path but must have the .p7b extension.

Example

azsphere tenant download-ca-certificate-chain --output CA-cert-chain.p7b
Saving the CA certificate to 'C:\Users\Test\Documents\AzureSphere\CA-cert-chain.p7b'.
Saved the CA certificate to 'CA-cert-chain.p7b'.
Command completed successfully in 00:00:03.0547491.

download-validation-certificate

Downloads the validation certificate based on the provided verification code for the current Azure Sphere tenant.

The validation certificate is part of the device authentication and attestation process.

Required parameters

Parameter                      Description
-c, --verificationcode string  Provides the verification code required to get a validation certificate.
-o, --output filepath          Specifies the path and filename in which to store the validation certificate. The filepath can be an absolute or relative path but must have the .cer extension.

Global parameters

Parameter                      Description
-v, --verbose                  Provides verbose output
-?, --help                     Displays help on the command

Example

azsphere tenant download-validation-certificate --output validation.cer --verificationcode 123412341234
Saving the validation certificate to 'C:\Users\Test\Documents\AzureSphere\validation.cer'.
Saved the validation certificate to 'validation.cer'.
Command completed successfully in 00:00:01.7821834.
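
Before the downloaded files are used in the device authentication setup, it is worth confirming that validation.cer was issued by the tenant CA in CA-cert.cer and is bound to the verification code you supplied. The PowerShell below is an added example, not part of the Azure Sphere documentation; Test-ValidationCertificate is a hypothetical helper name, and the check that the verification code appears as the certificate's subject common name is an assumption based on the usual X.509 proof-of-possession convention, not something this page states.

```powershell
# Added example, not from the Azure Sphere documentation.
# Test-ValidationCertificate is a hypothetical helper name.
function Test-ValidationCertificate {
    param(
        [Parameter(Mandatory)] [string] $CaCertPath,          # output of download-ca-certificate
        [Parameter(Mandatory)] [string] $ValidationCertPath,  # output of download-validation-certificate
        [Parameter(Mandatory)] [string] $VerificationCode     # value passed to --verificationcode
    )
    $ns = 'System.Security.Cryptography.X509Certificates'

    # .NET resolves relative paths against the process directory, so expand them first.
    $caFile   = (Resolve-Path -LiteralPath $CaCertPath).ProviderPath
    $leafFile = (Resolve-Path -LiteralPath $ValidationCertPath).ProviderPath
    $ca   = New-Object -TypeName "$ns.X509Certificate2" -ArgumentList $caFile
    $leaf = New-Object -TypeName "$ns.X509Certificate2" -ArgumentList $leafFile

    # Assumption: the verification code is the subject common name (CN).
    $cn = $leaf.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # Build the chain with the tenant CA as the only extra material. The tenant CA
    # is not expected to be in the Windows trust store, so an unknown root is
    # tolerated here and the issuer is pinned by thumbprint below instead.
    $chain = New-Object -TypeName "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void] $chain.ChainPolicy.ExtraStore.Add($ca)
    $built = $chain.Build($leaf)

    # Element 0 is the validation certificate; element 1 must be the tenant CA.
    $issuedByCa = $chain.ChainElements.Count -ge 2 -and
                  $chain.ChainElements[1].Certificate.Thumbprint -eq $ca.Thumbprint

    [pscustomobject]@{
        SubjectMatchesCode = ($cn -eq $VerificationCode)
        IssuedByTenantCa   = $issuedByCa
        ChainBuilt         = $built
        ChainStatus        = @($chain.ChainStatus | ForEach-Object { $_.Status })
        CaThumbprint       = $ca.Thumbprint
    }
}

# File names and verification code are the ones used in the examples on this page.
$r = Test-ValidationCertificate -CaCertPath CA-cert.cer `
        -ValidationCertPath validation.cer -VerificationCode 123412341234
if (-not ($r.SubjectMatchesCode -and $r.IssuedByTenantCa -and $r.ChainBuilt)) {
    throw "validation.cer failed verification: $($r | Out-String)"
}
```

Recording CaThumbprint alongside the tenant ID gives you a value to compare against on later downloads, so a CA certificate fetched while the wrong default tenant was selected is noticed.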

list

Lists Azure Sphere tenants.

Once the tenant has been migrated to role-based access control, azsphere tenant list will display only the tenants for which you have a defined role.

Global parameters

Parameter      Description
-v, --verbose  Provides verbose output
-?, --help     Displays help on the command

Example

azsphere tenant list
ID                                   Name
--                                   ----
d343c263-4aa3-4558-adbb-d3fc34631800 Microsoft

Command completed successfully in 00:00:02.0344647.

migrate

Performs a one-time migration of a tenant to support role-based access control (RBAC) and the new device model.

When you create a new tenant, your user identity is automatically made an administrator of the tenant. You can then register or add other users and give them roles in the tenant.

The azsphere tenant migrate command is used once per tenant to migrate to RBAC support, which is required in the 19.10 release and later. The command attempts to find your current user credential for your tenant (if you have one and have logged on). If you have more than one tenant, you will be prompted to select the correct tenant to migrate. If the tenant cannot be located, or your credentials cannot be determined, use the optional --force-prompt parameter to be prompted for the tenant name and your credentials.

Optional parameters

Parameter                 Description
-f, --force-legacy-login  Requires a legacy account to be manually selected.
-i, --tenantid GUID       Specifies the ID of the Azure Sphere tenant to migrate.

Global parameters

Parameter                 Description
-v, --verbose             Provides verbose output
-?, --help                Displays help on the command

Example

azsphere tenant migrate --force-legacy-login

select

Selects the default Azure Sphere tenant to use on this PC. To display the current default tenant, use azsphere tenant show-selected.

Required parameters

Parameter            Description
-i, --tenantid GUID  Specifies the ID of the Azure Sphere tenant to use.

Global parameters

Parameter            Description
-v, --verbose        Provides verbose output
-?, --help           Displays help on the command

Example

azsphere tenant select --tenantid d343c263-4aa3-4558-adbb-d3fc34631800
Default Azure Sphere tenant ID has been set to 'd343c263-4aa3-4558-adbb-d3fc34631800'.
Command completed successfully in 00:00:00.3808250. 

show-selected

Displays the ID of the default Azure Sphere tenant for the PC. This is the tenant selected with the azsphere tenant select command.

Global parameters

Parameter      Description
-v, --verbose  Provides verbose output
-?, --help     Displays help on the command

Example

azsphere tenant show-selected
Default Azure Sphere tenant ID is 'd343c263-4aa3-4558-adbb-d3fc34631800'.
Command completed successfully in 00:00:00.3425522.