Multi-Tenancy Management

Groupios implements a recursive multi-tenancy structure, allowing any tenant to create and manage users, groups, domains, user federations, and other tenants. Here’s how it works:

System Tenant (Level 0)

The initial tenant, referred to as the "system tenant," resides at level 0. This tenant has the broadest scope of administrative privileges.

Creating a New Tenant

  1. Assigning a Domain: When creating a new tenant, you must assign it at least one domain (e.g. tenant.de). This domain can also be a subdomain (e.g. tenant.example.com).
  2. Admin Account Creation: An admin account (e.g. admin@tenant.de) is automatically created for the new tenant. The system will present the corresponding credentials to the user.

Note

The creation of tenants is documented in more detail in the Administrator -> Management Interface -> Tenants section.

Accessing a New Tenant

To access the newly created tenant:

  1. Log Out: First, log out of the current tenant.
  2. Log In: Use the provided admin credentials to log in to the new tenant via the same manage subdomain.

Managing a New Tenant

Upon logging in, the user will see a restricted version of the system tenant interface. This restricted environment allows the new tenant admin to:

  • Create additional administrators.
  • Manage the tenant on behalf of the organization.

Resource Isolation

Each tenant, except for the system tenant, has access only to its own resources. This includes:

  • Users
  • Groups
  • Domains
  • User federations
  • Other tenants created within its scope

This means that a tenant cannot access or manage the resources of another tenant, ensuring clear boundaries and security across the multi-tenant environment.

This structured and flexible approach ensures that each tenant can autonomously manage its own resources while adhering to the overarching multi-tenant architecture of Groupios.
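
The following is an added example, not Groupios code: a small Python model of the tenant tree and the isolation rule described above, of the kind you could use to write isolation test cases. The class and function names, the sample domains, the choice of the first domain for the admin address, and the literal reading that a parent tenant owns the child tenant object but not the child's users are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(eq=False)
class Tenant:
    name: str
    domains: list
    parent: Optional["Tenant"] = None  # None only for the system tenant
    resources: set = field(default_factory=set)  # (kind, identifier) pairs

    @property
    def level(self) -> int:
        # The system tenant is level 0; each nested tenant is one level deeper.
        return 0 if self.parent is None else self.parent.level + 1

    def create_tenant(self, name: str, domains: list) -> "Tenant":
        if not domains:
            raise ValueError("a new tenant needs at least one domain")
        child = Tenant(name, list(domains), parent=self)
        # The tenant object is a resource of the tenant that created it.
        self.resources.add(("tenant", name))
        for d in domains:
            child.resources.add(("domain", d))
        # Admin account created automatically (assumed: on the first domain).
        child.resources.add(("user", f"admin@{domains[0]}"))
        return child

def can_access(actor: Tenant, owner: Tenant, kind: str, ident: str) -> bool:
    """True if `actor` may access resource (kind, ident) owned by `owner`."""
    if (kind, ident) not in owner.resources:
        return False          # unknown resource: deny by default
    if actor.level == 0:
        return True           # system tenant is the stated exception
    return actor is owner     # everyone else: own resources only

def build_sample():
    # Constructed sample tree; all names and domains are made up.
    system = Tenant("system", ["example.com"])
    a = system.create_tenant("tenant-a", ["tenant.de"])
    b = system.create_tenant("tenant-b", ["tenant.example.com"])
    a1 = a.create_tenant("tenant-a1", ["sub.tenant.de"])  # recursion: level 2
    return system, a, b, a1
```

Each denied case in such a model (sibling to sibling, parent to child's users) is a request worth replaying against a real deployment to confirm the boundary holds.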