Configuring multitenancy

The multitenancy feature provides the ability to segregate all data by operating company and customer company. This topic describes how to configure BMC Digital Workplace so that configuration data provided by BMC Digital Workplace is restricted to a specific tenant company. A system administrator first prepares the tenant configuration utility, actives the master tenant, and then activates tenants as needed.The master tenant is associated with a company in BMC Remedy IT Service Management (BMC Remedy ITSM) that is used for overall administration. Administrators who are members of the master tenant company can set the provider settings from the Digital Workplace Admin console. Each subtenant is associated with a company in BMC Remedy ITSM. Subtenants use the provider settings from the master tenant. This means that only an administrator for the master tenant can modify the provider settings.

Multitenancy and access to data

In BMC Remedy IT Service Management (BMC Remedy ITSM), configure multitenancy for data that comes from BMC Remedy ITSM, such as users and service request definitions (SRDs). When users are set up, they are granted access to data for one or more companies. For data that is maintained in BMC Remedy ITSM, such as SRDs, the same access is provided in BMC Digital Workplace without any additional configuration. For example, if you create separate SRDs for the Calbro and Acme companies, and grant Bob Unser access only to the Calbro company, he can see and request only SRDs from the Calbro company.

However, BMC Digital Workplace also provides configuration data that is not available in BMC Remedy ITSM, such as:

Quick-pick lists of SRD catalog items showing up on the Catalog tab
Catalog configuration
How-to links
Social posts not tied to any BMC Remedy ITSM tickets or BMC Service Request Management service requests
Broadcasts

Location features
Service health
Appointment and reservation features

Note

Users get access only to the BMC Digital Workplace configuration data for the company to which they are assigned on the People form in the Company field in the General tab, even if they have access to multiple companies through the access restrictions. For example, if Joe Unser, a self-service user, is assigned Calbro company in the Company field of the People form, he has access to how-to links and SRDs that are configured for Calbro, but not the how-to links and SRDs that are configured for Acme. This also applies to the Digital Workplace Admin console: if Allen Allbrook, a BMC Digital Workplace administrator, is a member of the Calbro company, he can configure how-to links and locations for Calbro only. If Allen Allbrook also needs to configure how-to links and locations for Acme, he requires a second user ID that is a member of the Acme company.

For the Digital Workplace Admin console, an exception to the per-company configuration is the Providers Settings area of Configuration. The Provider Settings are shared for all companies (tenants). After you activate multitenancy, the Providers Settings are no longer available from the Digital Workplace Admin console. Instead, you must use the tenant admin utility to configure the provider settings.

Before you begin

Configure multitenancy in BMC Remedy ITSM, as described in Multi-tenancy in the BMC Remedy ITSM documentation.
Locate the tenant configuration utility in DWP_HOME\DWP\tenant-config\scripts.
Ensure that all users who belong to the master tenant have the Super Admin permissions. Without these permissions, a master tenant user is not able to login to BMC Digital Workplace after the multitenancy is configured,

To prepare the tenant configuration utility

On the BMC Digital Workplace server, move the tenant-config.jar from DWP_HOME/tenant-config to a folder with scripts:
- (Linux) DWP_HOME/tenant-config/scripts/linux
- (Windows) DWP_HOME\tenant-config\scripts\win.
(Optional) To run the tenant configuration utility on a server other than the BMC Digital Workplace server, copy the scripts/linux or scripts/win folders from BMC Digital Workplace server to the server that will run the utility.

In a text editor, edit the set_env.bat (Windows) or set_env.sh (Linux) to set the following parameters:

Parameter	Value	Additional information
java_home	Path to your java directory	Do not include the “bin” directory at the end of the path. Surround the path with double quotes, as in the example provided in the file.
myit_server_url	http://DigitalWorkplaceServer/dwp	myitServer must be the host name of the BMC Digital Workplace server. If you will run the tenant configuration utility from the BMC Digital Workplace server, you can enter localhost, as in `http://localhost:PORT/dwp`, where PORT is BMC Digital Workplace server Tomcat port.
API_TOKEN	Not available	Copy the API_token from the connect-dwp.properties located in the <Tomcat_home>/external_conf directory. Note: This value is automatically generated and populated in the file upon fresh install or upgrade.
API_SECRET	Not applicable	Copy the API_secret from the connect-dwp.properties located in the <Tomcat_home>/external_conf directory. Note: This value is automatically generated and populated in the file upon fresh install or upgrade.
tenant_name	Default value: 000000000000001	Tenant identifier required for tenant operations.
master_tenant_name	Default value: 000000000000001	Master tenant configuration details are copied during creation of a sub-tenant.
company		Company identifier of a sub-tenant.
SAML_authentication	True or False	Must be set (to True or False) before a tenant or sub-tenant is added.

Test the utility by running the following command:
```
(Windows) list_tenants.bat
(Linux) list_tenants.sh
```
You should see a default tenant with the name 000000000000001.

To activate the master tenant

A database admin runs the following SQL statement:

UPDATE TENANT SET HOSTNAME = 'localhost;@Company:<Master Tenant Company>' WHERE HOSTNAME='localhost'

Replace <Master Tenant Company> with the company name for the master tenant company, such as Calbro Services, as in the following example:

UPDATE TENANT SET HOSTNAME = 'localhost;@Company:Calbro Services' WHERE HOSTNAME='localhost'

Note

Do not activate the master tenant company as a subtenant.

To activate subtenants

In the tenant configuration utility directory, edit set_env.bat (Windows) or set_env.sh (Linux) with a text editor, and set the company to the name of the BMC Remedy ITSM operating or customer company that you are activating.
1. (Linux) Find the line that says COMPANY="" and put the company name inside the quotes. For example, COMPANY="Acme".
2. (Windows) Find the line set company= and add the company name to the end after the =. For example, set company=Acme.
Run add_subtenant.bat (Windows) or add_subtenant.sh (Linux).
Repeat steps 1 through 3 for each company that you are activating.
Note

Ensure that you activate subtenants for all required companies. Users from the companies that do not have activated subtenants are not able to log in to BMC Digital Workplace after the multitenancy is configured.

Where to go from here

After one or more tenants are activated, BMC Digital Workplace administrators must log on to the Digital Workplace Admin console to set up BMC Digital Workplace configuration data for each tenant, as described in topics in the Administering section. Administrators can also configure a different set of features for each tenant as described in the Configuration example section.

If you are rebranding the universal client, you must rebrand it for each tenant, as described in Manually rebranding the Universal Client.