Airlock as a Service Knowledge Base

Tenants

A tenant is an isolated workspace in Airlock IAM as a Service. It has its own IAM settings and end-user data. Each tenant runs a separate IAM instance. Tenants are fully isolated from each other; no data is shared between them.

One organization usually has one tenant that operates in a production environment. Additional non-production tenants can be added to try out new configurations.

Tenants can be created, viewed, edited and deleted.

Prerequisites

To manage tenants, including their TLS settings, the roles AMC - Manage tenants and AMC - Manage TLS configuration are required. These roles are by default part of the SaaS Administrator role, but can also be assigned separately to an administrator. See also SaaS roles and permissions.

Location in the Airlock Console

You manage tenants and their TLS settings in the Tenants dialog of the Airlock Console. For this, go to Administration > Tenants.


Creating a tenant

  1. In the Tenants dialog, click the Create a tenant button.

  2. Fill in the fields in the window that appears:

    • Color: Select a color to identify your tenant more easily. This color will be shown in the sidebar of the Airlock Console when this tenant is selected. It is also the background color of the corresponding tenant Airlock IAM Adminapp where administrators manage the end-users of the associated customer application(s). It doesn't have any effect on what end-users see.

    • Data center: Enter the region of the data center where the corresponding IAM instance will be deployed. Currently only one region (Switzerland North) is available.

    • Service level: This property specifies the service level and availability of Airlock IAM used by the tenant. Currently, there are two service levels: Non-production, to test and try out Airlock IAM, and Production, to use Airlock IAM in a production environment.

      Notice
      Always start with a non-production service level tenant to test your configuration. Creating a production service level tenant is disabled until all administrators in your organization use a second factor (Airlock 2FA and/or a passkey).

      Notice
      The Service level setting cannot be changed after the tenant is created.

  3. Click Create to create the tenant.
    ▶ The tenant is created. The next dialog shows the settings of the newly created tenant.

    Notice
    Next to the Tenant tab are the TLS (Loginapp) tab, TLS (Adminapp) tab and the TLS (Transaction approval) tab, which specify the respective TLS settings. By default, regular TLS is used to secure the connection between the server and the client. However, we strongly recommend using mutual TLS for added security. For more information, see Editing the TLS settings further below.

  4. To get the tenant instance up and running, apply an initial working configuration using Getting started.

Notice
There is a limit of 30 tenants per organization. If you require more tenants, please contact Airlock Support.


Viewing and editing a tenant

  1. To view or edit an existing tenant, click the tenant entry in the tenant list in the Tenants dialog.
    ▶ The tenant details dialog opens.

  2. Update the tenant name, color, or data center (only while the tenant has not been deployed yet). You can also disable or re-enable the Getting started configuration by clicking Disable/Enable Getting Started.


Deleting a tenant

To delete a tenant, click the tenant's entry in the tenant list in the Tenants dialog. The next dialog shows the settings of the selected tenant. Click the red Delete button at the bottom of the dialog, then confirm the deletion in the popup window that follows.

Notice
Deleting a tenant cannot be undone.