Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 13 Next »


Introduction

This Pillar provides several modules that help you cook some ACL recipes, package them and assign them as products to tenants.

In Addition you can create tenants that will use your product, manage their applications and secure them via key security.

This space will introduce 5 modules within the Manage pillar:



Productization

The productization module offers the ability to secure your microservice & daemons and package them to assign them later on to tenants.

Here is a step by step approach on how to do that.


Add a new product

From the dashboard, go to Manage pillar → Productization

Step 1:

Once there, you should see the default Dashboard Product with two packages in it.

Step 2:

Click on "Add New Product" and fill in the form.

Step 3:

You should now see an empty product right below the Dashboard Product.



Add a new package

Now that you've added a new product, go ahead and add a new package in it so you can configure the ACL.

Similarly to the above, click add new package and fill in the form.

Recap

So far, we've added a new product and added a new package inside it. Before continuing, we have to configure the ACL of the package.

The ACL is what will allow or deny access to the microservices and their APIs.



Edit package ACL

Click on "Edit Package ACL" and you will be taken to a new page where you see the list of all activated services grouped under environment codes.

Check all the boxes of the services you want to allow this package to access.

The ACL works per environment, meaning if you deployed the same service in multiple environments, you can allow this package to access the service in one environment and prevent it in another.

You can learn more about deploying environments, check out the Deploy Pillar page.

Note

When you check a service, it will expand and you will see 2 radio button: public and private.

Selecting public grants access to the service/API for anonymous users whereas private enforces that service/API access is only allowed for logged in users.



Multi-tenancy

We've created a new product, created a new package within that product, and configured the package with the appropriate access rights. This recipe is called an application. Now we need to create the tenant that will use this application.

Add a new tenant

Go to Manage → Multi-Tenancy and click "Add Tenant"


Here you will be prompted to create either a Client Tenant or a Product Tenant.

For example, if you have a frontend that will communicate with your services, it is good practice to create the frontend tenant under Product Tenant, and if you have a developer/DevOp/TechOp that requires access to the services, it is good practice to create them under Client Tenants.

After you choose the tenant role, go ahead and fill in the tenant name and the tenant email and click "Add Tenant". Now click on the tab where you created your tenant and you should see the following:




Add new application

Now that we have created our tenant, let's assign the application we created earlier to it. Remember that an application is the combination of a product, a package, and package ACL.

Click on the "+" near the tenant name, then click "Add New Application":


Select the product package that you created earlier and click "Add Application:



Generate a tenant external key

We still need to create an external key so that it can be used in the header of your requests.

Click on the "+" near the package name and press "Add New Key" and a new private key will be generated:

Now click on the key itself and click on the External Keys tab and click "Add New Application External Key"

Pick an expiry date if you want your external key to expire, or do not select a date to make you key live forever. Moreover, you can add additional security features such as device security and geolocation security.

Once you are done, click "Submit" and you will see your generated key:

Now copy this key and place it in the header of your requests and you should be able to successfully access your services/APIs!



Configure services config per tenant

Now that we have added a tenant, we can configure its services config, if required. Click here to learn more about services config.

Click on the "+" near the application name, then click on the Tenant Application Key, then on the Key Environment Configuration tab.

Here you will see a list of available environment where we can configure the services config.

Let's select the dev environment by clicking on the pencil near the environment name.

Now we can fill in the config object with any key:value we want to assign to all users of this tenant.




Tenant Organization Chart

The tenant organization chart module allows you to manage the users of all available tenants, if your logged in tenant has permission to do so.

To learn more about user registration, check out the URAC page.



My Organization Chart

My organization chart will allow you to manage the users only of the logged in tenant.


To learn more about user registration, check out the URAC page.



Settings

The Settings module will allow you to manage the settings of the logged in tenant.

  • No labels