Enable and configure multitenancy

Enable the multitenancy architecture and set its core parameters through the Helm deployment configuration.

Before you begin

Ensure that you have the following details and access:

  • Administrative access to the Kubernetes cluster where HCL Universal Orchestrator is deployed.
  • The Helm CLI installed and configured to manage the deployment.
  • Permissions to modify the values.yaml file for the HCL Universal Orchestrator Helm chart.
  • The user IDs or group IDs from your OIDC provider to designate as administrators.

About this task

Enable and configure the multitenancy architecture for a HCL Universal Orchestrator deployment. This task is intended for service provider administrators with access to the Helm deployment configuration.

Important: You cannot change the multitenancy configuration after the initial installation. You must decide whether to enable multitenancy before you install the product for the first time.

Procedure

  1. Open your custom values.yaml file in a text editor.
  2. In the config section, locate or create the multitenant section.
  3. Set the enabled field to true. 
    config:
                        multitenant:
                        enabled: true
  4. Configure the parameters for tenant identification, database naming, and lifecycle automation.
  5. Specify the service provider administrators authorized to access the Tenant Manager.
    You can specify administrators by individual user IDs, group IDs, or a combination. To authorize specific users, add their OIDC user IDs to the userIds list. To authorize all users in a specific group, add the group name to the groupIds list.
    admins:
                        # List of user IDs that are authorized as tenant administrators
                        userIds:
                        - unoSaaSAdmin@example.com
                        # List of group IDs that are authorized as tenant administrators
                        groupIds:
                        - SaaSAdmins
                        # A list of user ID regex patterns to further filter user IDs from groups.
                        userIdFilters:
                        - .*@example.com
  6. Save the changes to the values.yaml file.
  7. Run a Helm upgrade to apply the configuration to your deployment.
    Replace <release-name> and <chart-version> with your specific deployment details.
    helm upgrade <release-name> hcl-uno/uno-chart --version <chart-version> -f values.yaml

Results

When the Helm upgrade completes, the HCL Universal Orchestrator instance runs in multitenant mode. The Tenant Manager component is enabled and accessible to the configured service provider administrators.