Versions Compared

Version Old Version 13 New Version 14
Changes made by

Antoine Hage

Antoine Hage

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Introduction

This Pillar provides several modules that help you cook some ACL recipes, package them and assign them as products to tenants.

In Addition you can create tenants that will use your product, manage their applications and secure them via key security.

This space will introduce 5 modules within the Manage pillar:



Productization
Anchor
productization
productization

The productization module offers the ability to secure your microservice & daemons and package them to assign them later on to tenants.

Here is a step by step approach on how to do that.


Add a new product
Anchor
product
product

From the dashboard, go to Manage pillar → Productization

Step 1:

Once there, you should see the default Dashboard Product with two packages in it.

Image Modified

Step 2:

Click on "Add New Product" and fill in the form.

Image Modified

Step 3:

You should now see an empty product right below the Dashboard Product.

Image Modified




Add a new package
Anchor
package
package

Now that you've added a new product, go ahead and add a new package in it so you can configure the ACL.

Image Modified

Similarly to the above, click add new package and fill in the form.

Image Modified


Note
titleRecap

So far, we've added a new product and added a new package inside it. Before continuing, we have to configure the ACL of the package.

The ACL is what will allow or deny access to the microservices and their APIs.




Edit package ACL
Anchor
packacl
packacl

Click on "Edit Package ACL" and you will be taken to a new page where you see the list of all activated services grouped under environment codes.

Check all the boxes of the services you want to allow this package to access.

The ACL works per environment, meaning if you deployed the same service in multiple environments, you can allow this package to access the service in one environment and prevent it in another.

You can learn more about deploying environments, check out the Deploy Pillar page.

Note
titleNote

When you check a service, it will expand and you will see 2 radio button: public and private.

Selecting public grants access to the service/API for anonymous users whereas private enforces that service/API access is only allowed for logged in users.




Multi-tenancy
Anchor
multi
multi

We've created a new product, created a new package within that product, and configured the package with the appropriate access rights. This recipe is called an application. Now we need to create the tenant that will use this applicationThis module offers the ability to create and manage tenants and their applications.

It also allows us to link tenant to productized package and secure them via key security.

The module provides a list of all the tenants except the tenant you are logged in with, for that please head to Settings.

Here is a step by step approach on how to do that.

Add a new tenant
Anchor
tenant
tenant

Go to Manage → Multi-Tenancy and click "Add Tenant"

Step 1:

Image Modified

Here you will be prompted to create either a Client Tenant or a Product Tenant.

For example, if you have a frontend that will communicate with your services, it is good practice to create the frontend tenant under Product Tenant, and if you have a developer/DevOp/TechOp that requires access to the services, it is good practice to create them under Client Tenants.

Product tenants are tenants that do not have users under them.

Client tenants are useless by themselves, they rely on their users to interact with your products.

Step 2:

Image Added

After you choose the tenant role,

go ahead and fill in the tenant name and the tenant email and click "Add Tenant". Now click on the tab where you created your tenant and you should see the following:Image Removed

fill the rest of the form to complete creating a tenant.

Note

While creating a tenant, if you pick a dashboard package for it, it means you want the users of this tenant to access the dashboard UI later on. If this is not the purpose of the tenant you are creating, do not pick a package for it from the drop down.

The drop down only shows package that belong to the Dashboard Product under productization.





Add new application
Anchor
app
app

Now that we have created our After you create a tenant, let's assign the application we created earlier to it. Remember that an application is the combination of a product, a package, and package ACL.

Click on the "+" near the tenant name, then click "Add New Application":

Image Removed

Select the product package that you created earlier and click "Add Application:an application for it and while doing that, pick the package you want to it to use from productization.

Image Added

Image Modified





Generate a tenant external key
Anchor
key
key

We still need to create an external key so that it can be used in the header of your requests.

Click on the "+" near the package name and press "Add New Key" and a new private key will be generated:

Image Removed

Now click on the key itself and click on the External Keys tab and click "Add New Application External Key"

Secure your tenant by generating an encrypted key. Keys are linked to applications and have additional security measures like geo, device and expiry options.

Step 1:

Image Added


Step 2:Image Modified

Pick an expiry date if you want your external key to expire

, or do not select a date to make you key live forever. Moreover, you

at some point or leave it blank for unlimited. 

You can add additional security

features

configuration such as device security and geolocation security.

Once you are done, click "Submit" and you will see your generated key

Step 3:

Image Modified

Now copy this key

Copy the external key value and place it in the header of your requests and you should be able to successfully access your services/APIs!




Configure services config per tenant
Anchor
configure
configure

Now that we have added a tenant, we can configure its services config, if required. Click here to learn more about services config.

Click on the "+" near the application name, then click on the Tenant Application Key, then on the Key Environment Configuration tab.

Here you will see a list of available environment where we can configure the services config.

Let's select the dev environment by clicking on the pencil near the environment name.

Now we can fill in the config object with any key:value we want to assign to all users of this tenant.




Tenant Organization Chart
Anchor
tenantchart
tenantchart

The tenant organization chart module allows you to manage the users and groups of all available tenants , if your logged in tenant has permission to do so.Image Removed except the tenant you are logged in with.

This module offers UI/UX wizards that interact with the URAC microservice deployed under the Dashboard environment.

To learn more about user registration and Access Control, check out the URAC page check out the URAC space.

Image Added



My Organization Chart
Anchor
orgchart
orgchart

My organization chart will allow module allows you to manage the users only users and groups of the tenant you are logged in tenant.Image Removedwith ONLY.

This module offers UI/UX wizards that interact with the URAC microservice deployed under the Dashboard environment.

To learn more about user registration and Access Control, check out the URAC page check out the URAC space.

Image Added



Settings
Anchor
settings
settings

The Settings module will allow you to manage the settings of the logged in tenanttenant your logged in with only. 

This module offers the same functionality that the multitenancy module does but is restricted to interact only with your tenant.

if you need to change information for other tenants, please head to multitenancy.