Multi-tenant Provisioning

In this Lesson

In this lesson you will learn about managing users in multiple tenants.

Concepts

Multi-tenant solutions are useful when you need to provide the same solution to multiple independent customer organizations. They allow you to support the maximum number of organizations with the minimum amount of overhead.

One task that does grow with the number of tenants is user provisioning. You may choose to have a single point of administration for all tenants or allow individual tenants to manage their own user provisioning.

Soiree provides three types of administrator access:

  1. Tenant Administrator
    Users with this access may add or modify tenants.
    This type of access may only be assigned to users in the Universal Tenant (0).
  2. User Administrator for one tenant
    Users with this access may only maintain users belonging to the same tenant as the administrator.
  3. User Administrator for all tenants
    Users with this access may maintain users belonging to any tenant.
    This type of access may only be assigned to users in the Universal Tenant (0).
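
The three access types above, written out as server-side checks. This is an added example, not Soiree code: it does not use the UserService or SoireeSecurityManager APIs, and every class, function and constant name in it is hypothetical. Only the group names and the Universal Tenant ID (0) come from this lesson.

```python
from dataclasses import dataclass

UNIVERSAL_TENANT = 0  # the lesson's Universal Tenant (0)

# Group names as given in the lesson; the constants themselves are hypothetical.
TENANT_ADMIN = "Tenant Administrator"
USER_ADMIN_ONE = "User Administrator for one tenant"
USER_ADMIN_ALL = "User Administrator for all tenants"
UNIVERSAL_ONLY = frozenset({TENANT_ADMIN, USER_ADMIN_ALL})
ALL_GROUPS = UNIVERSAL_ONLY | {USER_ADMIN_ONE}


@dataclass(frozen=True)
class User:
    tenant_id: int
    user_id: str
    groups: frozenset = frozenset()


def assignable_groups(target_tenant_id, all_groups=ALL_GROUPS):
    """Groups that may be offered when editing a user of the given tenant."""
    if target_tenant_id == UNIVERSAL_TENANT:
        return set(all_groups)
    return set(all_groups) - UNIVERSAL_ONLY


def may_maintain_user(admin, target_tenant_id):
    """True if admin may provision users that belong to target_tenant_id."""
    # Cross-tenant rights count only when held by a Universal Tenant user,
    # so a mis-assigned group in another tenant grants nothing.
    if USER_ADMIN_ALL in admin.groups and admin.tenant_id == UNIVERSAL_TENANT:
        return True
    return USER_ADMIN_ONE in admin.groups and admin.tenant_id == target_tenant_id


def may_maintain_tenants(admin):
    """True if admin may add or modify tenants."""
    return TENANT_ADMIN in admin.groups and admin.tenant_id == UNIVERSAL_TENANT


def assign_groups(admin, target, requested, all_groups=ALL_GROUPS):
    """Re-check on the server; hiding groups in the list is not enforcement."""
    if not may_maintain_user(admin, target.tenant_id):
        raise PermissionError("admin may not maintain users in this tenant")
    denied = set(requested) - assignable_groups(target.tenant_id, all_groups)
    if denied:
        raise PermissionError(f"not assignable in tenant {target.tenant_id}: {sorted(denied)}")
    return User(target.tenant_id, target.user_id, frozenset(requested))
```

Each check takes the administrator's own tenant into account as well as the group name, so a request that names a different tenant than the one shown in the console is still refused.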

In addition, you can create your own custom provisioning services which allow you to divide up the task in different ways. For example, you may want one administrator handling a ‘region’ of organizations. You would define what a region is and which organizations belong to it. You would then create a solution which exposes just those tenants to an administrator and provides them the provisioning capabilities they need.

You could also choose to distribute user provisioning deeper within a single organization. For example, you could have ‘departmental’ administrators who are allowed to make certain types of provisioning decisions for people within their department.

Regardless of which type of custom provisioning you want, you would get the job done by creating your own design with assistance from the APIs offered by the UserService and SoireeSecurityManager.

Custom provisioning systems are beyond the scope of this lesson and are left as an exercise for the reader.

This lesson will discuss the three types of administrator access provided by Soiree.

Tenant Administrator

The server console provides a scene for maintaining tenants.



This option only appears in the console if the user has the Tenant Administrator group, which is one of the security groups offered by the Server Console.



Tenant Definition

A tenant is nothing more than an ID and a name, as shown here.



You create a new tenant by pressing the symbol at the bottom of the list. You complete the add operation by providing a tenant name and pressing the OK button.



You modify a tenant by selecting the tenant from the list, changing its name, and pressing OK.



The console does not allow you to delete tenants.

User Administrator for one tenant

Users with the User Administrator for one tenant security group have access to the following provisioning tools in the server console.



Each of these scenes will restrict the user to their own tenant. For example, here is what the User Import scene looks like for a single tenant administrator.



Likewise, here is what the User Provisioning scene looks like



User Administrator for all tenants

Users with the User Administrator for all tenants security group have access to all the same options as the single tenant administrator. However, this type of administrator has the ability to select the tenant they wish to work with.

Here is what the User Provisioning scene looks like



Create a Tenant

In this exercise you will create a tenant for the Pool Party

  1. Start the server console
  2. Sign on as admin for tenant 0 (password = admin)
  3. Select the Tenant Maintenance option



  4. Press the
  5. Enter the following tenant name and press OK



    The new tenant will appear in the list



  6. Return to the console menu by pressing the back link



Provision users for the new tenant

In this exercise you will create a user for the new tenant

  1. Assuming you are still at the console menu…
  2. Select the User Provisioning option from the console menu
  3. Select the new tenant



  4. Press the Search button and no users will be displayed



  5. Add a new user as shown here



  6. Search again to find the new user and then select it



  7. Set the password to maven



  8. Press the Group Assignments Edit link



    When the group list appears, notice that the User Administrator for all tenants and Tenant Administrator groups are missing.



    Notice
    The User Administrator for all tenants and Tenant Administrator security groups may only be assigned to users in the Universal Tenant.
  9. Assign the following groups to the user and press Save



  10. Press the back link to return to the console menu



  11. Press the Sign Out link to return to the console sign on scene



Testing the new User

  1. Attempt to sign in with the following credentials.
    Tenant = 0
    User Id = admin
    Password = maven

    The attempt should fail because you are using the Pool Maven admin credentials for the Universal tenant.



  2. Change the tenant ID to 1 and press OK
    The sign on attempt should succeed

    The Performance Monitor and user provisioning options should be the only things available on the menu



  3. Select the User Provisioning option from the menu.
    The tenant will be locked to the Pool Mavens tenant. The same is true of the other user provisioning options.




Test the Party Pool with the new tenant

  1. Start the PartyPool solution
  2. Sign on with these credentials



    Notice the new tenant contains no parties



That’s all for this lesson.