Working with multi-tenant environment

Multi-tenant environments consist of multiple customers, business units, or line of businesses called tenants. Multi-tenancy is the capability of an application to support multiple tenants from a single deployment. It ensures that within each tenant users can access only the data that they are authorized to use. Multi-tenancy can reduce application maintenance costs. Sectona Privileged Access Management provides built-in multi-tenancy capabilities.

The following sections provide you with an overview of the key aspects of the system's design:

Multi-tenant system architecture

While working with a multi-tenanted system design, user management of all instances remain centralized and only accessible to the user with roles defined as global administrator. Instance administrators can manage users specific to respective instances and will have read-only access across other user profiles.

System and master configuration data related to system settings and configurations remain centrally accessible to the global administrator role.

Accounts and assets related configurations are available to instance administrators and not available at global level.

By default, the system at the time of installation defines a master instance that owns the system and manages its use. Multi-tenancy includes a default master entity and multiple tenant entities. Entities can work together or in isolation. For example, each tenant can be operated based on different time zone requirements.

The proxies, gateways, and jump servers' configurations can be configured based on instance wise, location wise, or IP range wise.

Adding a new instance

Login to the system with global administrator role.
Navigate to the System page in the Sectona Solution.
Click on Instance Manager which is listed in the sidebar.
Click on the +Add Instance button on the page.
Provide an Instance Name up to 255 characters.
Choose a Short Name for the instance.
Add any Description to remember your settings.
Time zone: If the users in this instance are part of a time zone other than the system’s then choose the desired time zone.
Click the Save button. The task of creating a new instance is done and it is ready for use.

Newly provisioned instances are created with an active status flag.

Disabling an active instance

You can disable an active instance as follows. When an active instance is disabled, none of its users will be able to gain access.

Navigate to the System page in the Sectona Solution.
Click on Instance Manager which is listed in the sidebar.
Select the instance you wish to edit.
Untick the Active checkbox.
Click Save.

Please note that you will not be able to disable all the instances as at least one instance should be kept active in the PAM system.