What is Tenant

The article explains, what tenant is and how to set up tenant (clinic)

In terms of Aidbox, a tenant is logically isolated data belonging to one medical practice (clinic)

Structure of a Tenant

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

id should consist of Unreserved Characters (section 2.3 of RFC 3986) as it is used as the part of URL
name is a tenant name
logoUrl defies where the tenant logo image is. The link should be publicly accessible
identityProvider defines the external identity provider Aidbox uses to authenticate users. If it's omitted, Aidbox uses the built-in Login form
- client
  - id is the Client ID in the external identity provider
  - secretis the Client Secret in the external identity provider
- scopes is an array of scopes identity providers supports
- system should be a string representing the current tenant. Users of the tenant should have the same system value in their identifier property
- token_endpoint is the token endpoint of the external identity provider
- userinfo_endpoint is the userinfo endpoint of the external identity provider
- authorize_endpoint is the authorize endpoint of the external identity provider

How to create a Tenant

POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png

How to create a User

POST /User
content-type: text/yaml

resourceType: User
active: true
email: [email protected]
identifier:
  - system: aidbox:tenant:my-clinic
    value: user-id-in-external-identity-provider
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

POST /User
content-type: text/yaml

resourceType: User
active: true
email: [email protected]
password: secret # should be provided
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

meta.tenant links the user to the Tenant

There should be at one element in identifier where

system links to the identityProvider.system
value is the user ID in the external identity provider

PreviousMultitenancy approach NextEmail templating

Last updated 2 years ago

Was this helpful?