1.3.2.5. Manage Tenants
- wiki
The Settings → Manage Tenants page can be reached by clicking the menu item.
A tenant in a multi-tenancy architecture represents a part of a software which serves multiple customers having their data isolated and invisible to the other tenants. A tenant will have its own database, users, execution agents and other settings.
Flowster Studio offers the possibility to define multiple tenants, all of them managed by a single software:
A tenant configuration include general Information, Execution Agents, User Rights and Central Storage Path.
In the Information tab will be displayed the tenant’s: Name, Logo, SQL Server, SQL Instance and Database.
In the Execution Agents tab will be displayed all the execution agents assigned to the selected tenant.
In the Rights tab will be displayed all the users which will have rights to manage the tenant.
NOTE: managing tenants include access to all the tenant’s data, like domains, security groups, execution agents, workflows. A user assigned to manage a tenant can always modify existing data or add new one.
In the Central Storage Path tab will be configured a network shared path where dynamic files for a workflow executions can be created by using Write To Central Storage File activity in the workflow (The Write Data To Storage activity will create a text file with the execution GUID for the file’s name, where it can insert user defined content (for example, variables values, arguments values, different strings, logs etc)).
Default Tenant
The default tenant is considered the first database provided when installing Flowster Studio for the first time, as a standalone installation and the Super Admin chosen will be considered the master user.
A master user will have access to add, configure and manage all the tenants which will be defined in Flowster Studio and to assign/unassign new masters via the Master checkbox:
NOTE: if only one user exists as master, he cannot be deleted
This option is available for edit only for the default tenant. For the other tenants, whether a user is master or not will be displayed as a boolean value, with no possibility to check/uncheck the Master option:
Each tenant must have unique users and/or groups (Active Directory users or groups, Local users or groups) and unique Execution Agents.
For example, if Demouser is added in Security Groups for tenant 1, then this user should not be added in Security Groups for tenant 2.
The default tenant will have the following settings added from the beginning:
- Domain
- SuperAdmin group and a super admin user
- Portal
The first SuperAdmin from the default tenant will be automatically set as the master user. This user will have access to all defined tenants and will see a drop-down list where a tenant can be selected from:
If there is just one tenant, the drop down will be hidden.
Add Tenant
Runtime User SQL Server Rights In order to successfully create a tenant database from Flowster Studio Administrator, the Runtime User must have dbcreator rights. If the Runtime User doesn’t have dbcreator rights, then the Add Tenant wizard allows selecting an empty database (a database existing on the given SQL server, which has only the name), running only the script with the tables creation. |
NOTE: TRIAL mode allows the existence of only one tenant. The maximum number of tenants depends of the applied license type.
Only the master tenant (the first tenant created) will be allowed to create new tenants ( the child tenants won't be able to create tenants).
A new tenant can be added from the Tenants page, by clicking the Add Tenant button.
The Add tenant wizard opens:
- Insert a Name for the tenant (required)
- Choose an existing SQL Server name and its associated instance from the drop-down list (required). Instead of SQL Server name, you can also use the SQL Server IP.
- Choose an Authentication method (required): Flowster Runtime User, Windows Authentication or SQL Authentication.
- In case of Flowster Runtime User method, the user name and password are automatically taken
- In case of Windows Authentication method, the user name will be the current logged in domain\user name but it can be changed by the user
- In case of SQL Authentication method, the user name will be an SQL user name, provided by the user
- Insert User name (required for all authentication methods except Flowster Runtime User).
- Insert Password (required for all authentication methods except Flowster Runtime User).
- Insert a new Database Name or choose an existing one from the drop-down list (required).
- Click Next. The AD Domain Information wizard dialog will be displayed. All the information for this dialog are optional. Not providing them will not insert a Domain in the new tenant.
NOTE: a domain can also be later defined when configuring the tenant.
- Insert a Domain FQDN
- Select an AD Site (optional). If a site will be specified, this parameter will take precedence over the domain controller specified in the LDAP field. If not specified, the connection will be made with the info defined in the LDAP field.
- Insert the Active Directory LDAP
- Insert a Username with rights over the given LDAP
- Insert a Password for the given user
- Check the SSL option only if the given domain works on a secure connection. In this case, also insert a port in the LDAP field. For example, LDAP://DomainController:636
- Test if the connection to the given domain is successful or not
- Click Next. The Super Admin configuration wizard dialog will be displayed. All the information for this dialog are optional. Not providing them will not insert a Super Admin user, an approval role and workflow and a portal in the new tenant.
- Insert the Super admin for the tenant, in the domain_fqdn\username format. This option will insert the given user in the SuperAdmins security group.
- Insert a Portal name for the portal client app. By default it is the tenant's name.
- Click Finish.
The new tenant will be created, with all the given information and a new database on the selected SQL Server.
Edit Tenant
A tenant can be edited by selecting it from the Tenant's list.
Edit Information
The user could migrate the database to a different database server of the same type or to a different type.
From the Information tab, users can change the Name, logo , Server Name, SQL Instance and Database of the tenant. Click Test Connection to verify if the connection to the database is successful. Click Save Changes when finished editing.
Edit Execution Agents
The execution agents assigned to tenants should be unique. When an execution agent is added to a tenant, a default Windows Execution Group will be created on the selected tenants, with the agent’s endpoint.
The assigned execution agent will not be available for assignment to another tenant.
Edit Rights
The user assigned to a tenant can manage it from the Manage Tenants page. It can edit a tenant properties, assign other users or assign execution agents to it.
Edit Central Storage Path
In the Central Storage Path tab will be configured a network shared path where dynamic files for a workflow executions can be created by using Write To Central Storage File activity.
Manually insert the path and click the Apply button.
If used in a workflow, the Write Data To Storage activity will create a text file with the execution GUID for the file’s name, where it can insert user defined content (for example, variables values, arguments values, different strings, logs etc). The created file can also be downloaded from Portal → History page, by selecting the Info option for an executed workflow and clicking the Download link.
Delete Tenant
A tenant can be removed from the tenants list, but this action will not delete the tenant's database. The remove operation is available only when the user is not on the selected tenant.
Only the master tenant (the first tenant created) will be allowed to delete tenants ( the child tenants won't be able to delete tenants).
NOTE: A tenant cannot be deleted if it is in use by a user.