User Data Management – Multitenancy – GBG IDscan Documentation

User Data Management – Multitenancy

The IEOS backend should be up and running as usual (usual installation steps: running the MSI package, creating the database, etc.).

Enabling/activating multitenancy

BackendSettings.xml should be configured. Add the following key to this file and set it to “true”. This key activates multitenancy.

<Setting Key="MultiTenancyEnabled" Value="true"/>

*If this key is set to false, the on-boarding application will use the default on-boarding database.

Configuring a database for saving the mapping between tenant databases and user groups

After configuring the backend key, the web.config file also needs to be updated. Two additional connection strings are added, as shown below. The first is a SQL connection string and the second is an Oracle connection string.

<connectionStrings>
<add name="IEOSMultiTenancyEntities" connectionString="metadata=res://*/MultiTenancyModel.csdl|res://*/MultiTenancyModel.ssdl|res://*/MultiTenancy
<add name="MultiTenancyOracleEntities" connectionString="metadata=res://*/MultiTenancyOracleModel.csdl|res://*/MultiTenancyOracleModel.ssdl|res://
</connectionStrings>

*This connection string is for a new database with one table for mapping user groups to connection strings of tenant databases. The IEOSMultiTenancy DB will contain one table called dbo.MultiTenancyMapping.

*If you have more than one tenant DB, do not add each of them to this web.config. Add them in the Multi-Tenancy app instead, which is described in the upcoming bullet points.

Windows application to map LDAP groups to tenant database connection strings

A Windows application called “IDscan Multi Tenancy Application” can be used to map LDAP user groups to tenant databases.

*This application doesn’t create the tenant databases. The tenant databases have to be created using the scripts provided, and can then be mapped to the LDAP groups.

Click “ADD NEW” to create a new mapping between an LDAP group and a tenant database. Enter a group name, which should be a valid LDAP AD group name (for example, IDscan-Dev), and provide the tenant database connection string. You can create as many group-database mappings as needed.

When a user logs in, they are connected to the database mapped to the LDAP group they belong to.

To ensure the connection string is accurate, you can click on Test Connection to test the connection to the tenant database.

You can use the DELETE option to delete a group-database mapping.

*Multiple user groups can be mapped to the same DB by duplicating the connection string.

*The group-database mapping is checked every time the application wants to make a database connection.

*If a user belongs to multiple groups, then they will be connected to the database of the first group in alphabetical order (ascending).

*There is no need to define the schema name. If multi-tenancy is enabled, just define the connection string and the schema name will be detected automatically.
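
The following audit sketch is an added example, not part of the IDscan product or its documentation. It applies two rules from the notes above, first mapped group in ascending alphabetical order and shared databases via duplicated connection strings, to flag users whose group memberships point at different tenant databases. The users, connection strings, group names other than IDscan-Dev, and the case-insensitive ordering are assumptions; the page does not specify the collation the backend uses.

```python
# Constructed sample data. Only "IDscan-Dev" appears on the page; all other
# names and connection strings are assumptions made for this example.
from collections import defaultdict

# Group -> tenant connection string, as entered in the mapping application.
# Two groups share one database by duplicating the connection string.
MAPPINGS = {
    "IDscan-Dev": "Server=db01;Database=TenantDev;Integrated Security=True",
    "IDscan-Ops": "Server=db01;Database=TenantOps;Integrated Security=True",
    "IDscan-OpsAudit": "Server=db01;Database=TenantOps;Integrated Security=True",
}

# User -> LDAP group memberships (for example, from a directory export).
MEMBERSHIPS = {
    "alice": ["IDscan-Ops", "IDscan-Dev", "Domain Users"],
    "bob": ["IDscan-OpsAudit", "IDscan-Ops"],
    "carol": ["Domain Users"],
}


def _key(name):
    # Assumption: group names are compared case-insensitively.
    return name.casefold()


def resolve_tenant(groups, mappings):
    """Return (group, connection string) for the first mapped group, or None."""
    by_key = {_key(g): (g, cs) for g, cs in mappings.items()}
    mapped = sorted(_key(g) for g in groups if _key(g) in by_key)
    return by_key[mapped[0]] if mapped else None


def audit(memberships, mappings):
    """Sort users into 'ok', 'ambiguous' (mapped groups reach different
    databases, so the group name alone decides the tenant) and 'unmapped'."""
    by_key = {_key(g): cs for g, cs in mappings.items()}
    report = defaultdict(list)
    for user, groups in sorted(memberships.items()):
        targets = {by_key[_key(g)] for g in groups if _key(g) in by_key}
        status = "unmapped" if not targets else "ambiguous" if len(targets) > 1 else "ok"
        report[status].append(user)
    return dict(report)


if __name__ == "__main__":
    for user, groups in MEMBERSHIPS.items():
        print(user, "->", resolve_tenant(groups, MAPPINGS))
    print(audit(MEMBERSHIPS, MAPPINGS))
```

Users reported as ambiguous are the ones to review: renaming or adding a mapped group can change which tenant database they reach without any change to their own memberships.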
