Managing a Multi-tenant Environment

A separate, dedicated Tenant Configuration Wizard is used to create, configure, modify and remove individual tenants. The Core Configuration Wizard configures the global settings. There are also two Start Menu shortcuts to launch the respective configuration wizards; however, it is also possible to seamlessly continue with the tenant configuration once the core configuration is finished. Also see the section "Using the Configuration Wizard for the Tenant Configuration" in "Configuring DirX Audit" in the DirX Audit Installation Guide for further configuration details.

Individual tenant configuration files are stored in their respective subfolders in the install_path/conf/tenants/ folder, while the global settings are stored in the install_path/conf/configuration.cfg file.

The tenant name is configurable, chosen by the user when a new tenant is created, while the tenant identifier is assigned automatically to ensure its uniqueness and cannot be changed by the user.

The tenant configuration must be unique: no tenant can share the same DirX Audit Database, DirX Audit Server file collector folder and LDAP collector settings or DirX Audit Message Broker JMS queue with another tenant to prevent the mixing of data originating from different sources, domains or organizations. Only the DirX Audit Manager authentication settings can be shared between multiple tenants, but a Tenant Configuration Wizard warning will be displayed in these cases.

The tenant identifier must be specified in the URL and the respective tenant name is also displayed in the Login page if there are multiple configured tenants. For details, see the section "Logging In" in "Using the DirX Audit Manager" in the DirX Audit User Interface Guide.

Once the user logs into the DirX Audit Manager, the tenant name is also displayed next to the username following the “@” separator if there are multiple configured tenants.

All DirX Audit Manager tabs - Dashboard, Audit analysis, Reports and History - display only data from relevant tenant-specific DirX Audit databases.

The authentication and authorization settings are also tenant-specific, which means that only authorized users existing in configured tenant-specific authentication source systems (for example, specific DirX Identity domains) can view or access the data of the given tenant.

The DirX Audit Message Broker configuration creates special queues for each collector and tenant that include the tenant identifier. There are also tenant-specific users with read and write access rights created for each tenant, each of them including the tenant identifier. For further configuration details, see the section "Common JMS Collector Credentials" and all Server JMS Collector sections in "Using the Configuration Wizard for the Tenant Configuration" in the DirX Audit Installation Guide.

When a tenant is removed, its queues will remain active (but without a consumer / server endpoint) until they are deleted manually.

Tool users must specify the tenant whose configuration (database connection setting) should be used to access the database to be processed with the tool. See the chapter "Using the DirX Audit Tools" in the DirX Audit User Interface Guide for the command syntax description.