Sometimes our customers will have their own clients that wish to use AuthAnvil two-factor authentication. The customers want to keep each group of AuthAnvil admins, tokens and users separate.
Others have a large number of employees across different offices that they would like to compartmentalize by location.
This can get overwhelming when you run everything in one combined AuthAnvil server, and it can be difficult to manage the hardware needed to run many different AuthAnvil servers.
That's where Multi-tenancy Mode comes in!
Multi-tenancy Mode allows a single AuthAnvil server to run separate divisions called "Sites". Each Site has its own users, tokens, admins and logs, which allows each Site to be managed separately without having to maintain multiple servers.
What does Multi-tenancy mean for the customer?
Each individual client (or office) a customer has can have its own Site, which takes care of several concerns.
If one of our customers has a client that wants to purchase their own tokens, you simply import their tokens to one specific Site rather than storing them in one lump sum on the server. Only users on that specific Site can have these tokens assigned to them, and they cannot access anybody else's tokens. This is an even greater help with hardware tokens, since they must be physically distributed to each user.
Our customers should never have to allow their client to administrate the whole AuthAnvil server in order to manage their own tokens and users. By dividing a large organization (or multiple companies) into Sites, each group has their own Admins able to manage settings and modify users.
This allows the main AuthAnvil administrator to delegate administration without any security risk to their own tokens.
All of the AuthAnvil Agents point back to an AuthAnvil server to authenticate users. They require 2 pieces of information to know where to send authentication requests:
Strong Authentication Server (SAS) URL - The link that the agent uses to communicate with the Web Service where the AuthAnvil server is located
Site ID - The unique number to identify each individual Site. By default, this value is set to "1".
By separating users into Sites, you can allow an agent access to a specific site and only allow those users to authenticate through AuthAnvil.
Note: In order to allow users access to other sites on the same server, they use "Proxied Users" to point from one user on the same server to a different Site ID. They will only have a token on one specific site, but with the right configuration they can be set up to access all other sites.
How does Multi-tenancy work?
At the technical level, Multi-tenancy is already in place and the AuthAnvil server already uses Sites. The standard AuthAnvil 2FA server installation creates a site with Site ID "1". With multiple sites in a multi-tenant configuration, each one has a different ID number.
When a customer opens up the AuthAnvil Manager web page to log in to their AuthAnvil server, they will have a drop-down list for each site they have created. Every user goes to the same web page to log in, but each site contains a different group of users and tokens.
Multi-tenancy mode is a special file that allows an AuthAnvil administrator to create additional sites (2, 3, 4, etc). It works in tandem with the Management Console, and this is the only way for a customer to add multiple sites to their server.
How does a customer set up Multi-tenancy Mode?
(Click Here for a public Knowledgebase article about Multi-tenancy)
Multi-tenancy is only available to our confirmed Partners and Resellers. To get the Multi-tenancy script, they must request it from their account manager, or directly from Support by creating a case / emailing email@example.com.
As described in the KB article, the file is placed in their AuthAnvil server under C:\Program Files\Scorpion Software\AuthAnvil\AuthAnvilTools\bin. Once they run the Management Console with this script in place, they will have additional menu options to add and modify sites. Once a site is created, it is managed just like a normal AuthAnvil server.