diff --git a/iam/api/http.py b/iam/api/http.py
index 65bd7db..3584710 100644
--- a/iam/api/http.py
+++ b/iam/api/http.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 """
 TencentBlueKing is pleased to support the open source community by making
-蓝鲸智云-权限中心Python SDK(iam-python-sdk) available.
+蓝鲸智云 - 权限中心 Python SDK(iam-python-sdk) available.
 Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
 Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
 You may obtain a copy of the License at http://opensource.org/licenses/MIT
@@ -15,6 +15,10 @@
 
 import curlify
 import requests
+import urllib3
+
+# no more useless warning
+urllib3.disable_warnings()
 
 logger = logging.getLogger("iam")
 
diff --git a/iam/contrib/iam_migration/migrator.py b/iam/contrib/iam_migration/migrator.py
index d29dc6d..c7b5ef3 100644
--- a/iam/contrib/iam_migration/migrator.py
+++ b/iam/contrib/iam_migration/migrator.py
@@ -36,6 +36,26 @@ def __init__(self, migration_json):
         self.migration_json = migration_json
         self._bk_app_code = getattr(settings, "APP_CODE", "")
         self._bk_app_secret = settings.SECRET_KEY
+        self._bk_app_tenant_id = self.get_tenant_id()
+
+    @staticmethod
+    def get_tenant_id():
+        """
+        获取应用所属的租户 ID
+        Note: BKPAAS_APP_TENANT_ID 和 BK_APP_TENANT_ID 的含义不一样
+            BKPAAS_APP_TENANT_ID 是应用的租户模式标识，表示应用是全租户还是单租户
+            BK_APP_TENANT_ID 是应用所属的租户 ID，表示应用是属于哪个租户的，即由哪个租户产生的
+        """
+        # PaaS 平台上部署运行的应用，会自动内置 BKPAAS_APP_TENANT_ID 环境变量，表示应用是全租户的还是单租户的
+        tenant_id = os.environ.get("BKPAAS_APP_TENANT_ID")
+        if tenant_id is not None:
+            # 空字符串表示全租户应用，则返回 system，因为全租户应用只能在运营租户 (system) 下创建
+            return tenant_id or "system"
+
+        # 如果从环境变量获取不到，即非 PaaS 平台上运行，则需要从配置中获取
+        # 注意：对于单租户应用，BK_APP_TENANT_ID 可以不设置
+        #  对于全租户应用，BK_APP_TENANT_ID 必须设置，建议设置为 system
+        return getattr(settings, "BK_APP_TENANT_ID", "")
 
     def migrate(self):
         iam_host = getattr(settings, "BK_IAM_APIGATEWAY_URL", "")
@@ -64,6 +84,6 @@ def migrate(self):
         if not ok:
             raise exceptions.NetworkUnreachableError("bk iam ping error")
 
-        ok = do_migrate.do_migrate(data, iam_host, self._bk_app_code, self._bk_app_secret)
+        ok = do_migrate.do_migrate(data, iam_host, self._bk_app_code, self._bk_app_secret, self._bk_app_tenant_id)
         if not ok:
             raise exceptions.MigrationFailError("iam migrate fail")
diff --git a/iam/contrib/iam_migration/utils/do_migrate.py b/iam/contrib/iam_migration/utils/do_migrate.py
index 668c0c3..192af5b 100644
--- a/iam/contrib/iam_migration/utils/do_migrate.py
+++ b/iam/contrib/iam_migration/utils/do_migrate.py
@@ -18,10 +18,13 @@
 import os
 
 import requests
+import urllib3
 
 # NOTE: the usage doc https://bk.tencent.com/docs/document/6.0/160/8388
 
 __version__ = "1.0.0"
+# no more useless warning
+urllib3.disable_warnings()
 
 BK_APIGATEWAY_URL = os.getenv("BK_IAM_APIGATEWAY_URL", "https://bkapi.example.com/api/bk-iam/prod/")
 
diff --git a/setup.py b/setup.py
index 4e5853e..df4fe18 100644
--- a/setup.py
+++ b/setup.py
@@ -9,7 +9,7 @@
 requires = [
     "six>=1.11.0",
     "cachetools>=3.1.1,<6.0",
-    "requests",
+    "requests>=2.16.0",
     "curlify==2.2.1",
 ]