What is Tenant

The article explains, what tenant is and how to set up tenant (clinic)

In terms of Aidbox, a tenant is logically isolated data belonging to one medical practice (clinic)
Structure of a Tenant
id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize
id should consist of Unreserved Characters (section 2.3 of RFC 3986) as it is used as the part of URL
name is a tenant name
logoUrl defines where the tenant logo image is. The link should be publicly accessible
identityProvider defines the external identity provider Aidbox uses to authenticate users. If it's omitted, Aidbox uses the built-in Login form
client
id is the Client ID in the external identity provider
secretis the Client Secret in the external identity provider
scopes is an array of scopes identity providers supports
system should be a string representing the current tenant. Users of the tenant should have the same system value in their identifier property
token_endpoint is the token endpoint of the external identity provider
userinfo_endpoint is the userinfo endpoint of the external identity provider
authorize_endpoint is the authorize endpoint of the external identity provider
How to create a Tenant
With external identity provider
Without identity provider
POST /Tenant
content-type: text/yaml
​
id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize
POST /Tenant
content-type: text/yaml
​
id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
How to create a User
With link to identity provider
Without link to identity provider
POST /User
content-type: text/yaml
​
resourceType: User
active: true
email: [email protected]
identifier:
  - system: aidbox:tenant:my-clinic
    value: user-id-in-external-identity-provider
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant
POST /User
content-type: text/yaml
​
resourceType: User
active: true
email: [email protected]
password: secret # should be provided
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant
meta.tenant links the user to the Tenant
There should be one element in the identifier section where
system links to the identityProvider.system
value is the user ID in the external identity provider

Multitenancy approach

Email templating

Last modified 2mo ago