How to structure your X4 Remote company

One of the biggest changes in the new X4 Remote version is the rights management system, which has become much more detailed and wide-ranging. Platform administrators now have full control over the tiniest detail of your users’ access rights. We’ve created this step-by-step guide to give your platform administrator some inspiration for structuring your companies IIoT account.

Structuring your X4 Remote Account

Share on linkedin
Share on xing
Share on twitter
Share on email

You’ll find definitions of the 3 core elements of the new rights management system below, which will be addressed in this step by step guide.




A role is a set of permissions. There are company-wide and group-specific roles, that are valid for either the entire company in X4 Remote and all machines within it or apply only to a specific group of machines. You can set admin and device permissions, as well as access categories.

Access categories

An access category is a label for pages and services of your machines. Users with rights to an access category can use and view all pages and services labeled with that access category.


A group is a subset of devices and users. You can separate groups in to different group types.

Step-by-step-guide to structure

Follow these steps to get an idea of possible ways to structure your company in X4 Remote. If you only have a couple of devices and users, we advise you to keep the setup simple with fewer groups and user-roles.

Jump to section:

Step 1 – Configure groups

The main question to answer in this step: “What does my organization look like?”

Think about how your devices are divided globally and which users are involved internally and externally. For each segment you can create a group type and groups in the Admin app to keep overview of your devices. For example:





Customer A



Customer B



Machine types


Service Partners


Project A

Partner A


Project B

Partner B



Once your groups are defined, you can configure the groups of each device in the Fleet Manager. When a device is assigned to a group, that device will be available to users who have access to that specific group.

Step 2 – Configure access categories

The main question to answer in this step: “What pages, notifications and services of my devices are users allowed to access?”

For hardware access you need to ask yourself for which pages and services users need VPN or VNC access. You can define access categories in various ways.

Some examples of possible access categories:

Based on access level

Based on features

No access


View access


Operator access


Service access

Maintenance Dashboard

Administration access

Operator Panel

For each defined access group you have to set up an ‘access category’ which you can find in the Admin app under ‘roles’. Once created, you can add these access categories to the pages and services of a device in the Fleet Manager.

Some examples of applying access categories

  1. Add the ‘VNC’ or ‘Operator Panel’ access category to the VNC service
  2. Add the ‘VPN’ access category to the VPN connection.
  3. Add a Maintenance page and assign the access category ‘Maintenance Dashboard’ 

Step 3 – Define roles

The main question to ask yourself in this step: “What kind of users does my company have and what should these users be allowed to do?”

Think about the different roles and what access users need (or don’t need) for their daily activities. Should they be able to manage users and groups, set up the branding or install and configure devices? Or should they only have access to the pages of their own machines?

You can define company-wide and group-specific roles. Company wide roles are set for your complete X4 Remote company and the attached devices. Group-specific roles are valid for a specific group of users and devices only.

It’s also good to think about what the daily activities of different roles (internally and externally) are. Define if a role is for the complete company account (incl. all devices) or for specific groups (e.g. Customer A can only manage his own devices and users within his group).

Once you’ve defined the user roles you can create them in the Admin section and set their access rights. Here you can also define to which access categories they have access. For example they can have access to all services, pages and notifications of access group ‘VPN’.

Some example roles:

  • Customer Operator
  • Customer Manager
  • Service Engineer
  • Platform Administrator

Step 4 – Add users

The main activity in this step is inviting users and setting their roles.

In this step, all the different pieces you’ve prepared in earlier steps are coming together. You’ve created roles, groups and access categories, now you can add users to your company and set their access level by assigning roles and groups in the Portal app.

Example users:

  • “Company-wide” role as “Sales Representative”
  • “Customer Manager” role for group “Customer A”
  • “Service Engineer” role for group “Region Asia” and group “Region Europe”

Example use cases

We’ve created these example use cases for inspiration on how to structure your company account in X4 Remote, based on 3 distinct company profiles.

Example A – Companies who sell machines directly to customers

In this scenario the machine builder sells its machines directly to customers and provides support through its own engineers. Platform administrators manage their X4 Remote account and users.

All engineers can configure devices and get access to all devices for troubleshooting over VPN and VNC. Each customer can manage their users (the machine operators) and each Machine Operator can connect to the VNC service of their machine.

Example B – Companies who sell machines through a partner channel and provide support

In this scenario the machine builder sells his machines through a partner to customers and provides support through its own engineers. Platform administrators manage their X4 Remote account and users.

All engineers can configure devices and get access to all devices for troubleshooting using VPN, VNC and HTTP services. They also have access to a machines Maintenance Dashboard. Each partner can manage their customers and devices. Each customer can manage their users (the machine operators) and each Operator has access to the machines VNC service.

Example C – multi-national companies with regional divisions providing support through local teams

In this scenario the machine builder is divided into multiple regions and divisions around the globe.They cooperate with their local service teams for support. Each machine is allocated to a specific region, division and customer. Platform administrators manage the X4 Remote account and users.

Each division has a Service Manager who owns the users and devices of their own division and allocates devices to his subordinate support-engineers. Each support engineer gets access to all allocated devices for maintenance and troubleshooting through VPN for their own customers. Within the devices they can also access the maintenance dashboard.

In this case the customer isn’t yet allowed to access his machine via the X4 Remote platform.

Try it out yourself

Now that you have seen some examples for structuring your X4 Remote company, it’s time for you to try it out yourself.

Share on linkedin
Share on xing
Share on twitter
Share on email