Learn more about the authorization management

Tenant ID: At this point we assume that you have completed the steps at Request free access to an environment and already received a valid tenant ID as well as a user with full permission on this tenant.

Bosch Semantic Stack uses the Nexeed portal of the Robert Bosch Manufacturing Solutions GmbH as an affiliate system for managing access rights for tenants.

To manage your tenant, please log in to the Access Management UI.
This is another user interface which you only need to access for administrative purposes: e.g., to manage clients, which should be able to access the digital twins and Aspect Models registered for your tenant.


The default UI includes some configurations for the Nexeed Industrial Application system.
In the context of Bosch Semantic Stack, do not worry about the Dashboards tab. The sections that are interesting for you – as the admin of the tenant – are those at Access Management.

your user

In case you need assistance, please address support.semantic-stack@bosch.com instead of the contact found in the portal.

Click the following link to find a prepared email with placeholders for all required content

Hello Bosch Semantic Stack team,

I need support for the Bosch Semantic Stack free plan.
Tenant ID: insert your tenant ID here
Problem: describe what you need help with

Let’s have a look at the items below the dashboard, to learn about the authentication and authorization principles which will apply for your user, and the solutions which you might create, once you are familiar with the tooling.


The portal will list all users who are allowed to see the tenant.

Click on your name to see the roles which have been granted by default in the process of creating your tenant.

As the admin of this tenant, you have a set of available roles assigned to you.


Roles can be assigned to users, groups, and modules.

After authentication, the roles are resolved and grant you the permission respectively.

Find a detailed description of all roles at Concepts > Authorization.


While users and groups are self-explaining, the term "module" is just a generic title for an account for all types of technical clients. For example, all services which need access are regarded as modules. A developer tool like Postman will be regarded as a module too.

In our demo setup for Bosch Semantic Stack, the Postman application will need client credentials to be allowed to request your Digital Twin Registry tenant.

Such a client (for Postman) is considered a module, which needs to be created by you - as the admin of the tenant.