Limited support

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments. Click here to view the documentation for the current version.

Configuring multitenancy

The multitenancy feature provides the ability to segregate all data by operating company and customer company. This topic describes how to configure BMC Digital Workplace  so that configuration data provided by BMC Digital Workplace  is restricted to a specific tenant company. A system administrator first prepares the tenant configuration utility, actives the master tenant, and then activates tenants as needed.The master tenant is associated with a company in BMC Remedy IT Service Management (BMC Remedy ITSM) that is used for overall administration. Administrators who are members of the master tenant company can set the provider settings from the Digital Workplace Admin console. Each subtenant is associated with a company in BMC Remedy ITSM.  Subtenants use the provider settings from the master tenant. This means that only an administrator for the master tenant can modify the provider settings.

Multitenancy and access to data

In BMC Remedy IT Service Management (BMC Remedy ITSM), configure multitenancy for data that comes from BMC Remedy ITSM, such as users and service request definitions (SRDs). When users are set up, they are granted access to data for one or more companies. For data that is maintained in BMC Remedy ITSM, such as SRDs, the same access is provided in BMC Digital Workplace  without any additional configuration. For example, if you create separate SRDs for the Calbro and Acme companies, and grant Bob Unser access only to the Calbro company, he can see and request only SRDs from the Calbro company.

However, BMC Digital Workplace  also provides configuration data that is not available in BMC Remedy ITSM, such as:

  • Quick-pick lists of SRD catalog items showing up on the Catalog tab
  • Catalog configuration
  • How-to links
  • Social posts not tied to any BMC Remedy ITSM tickets or BMC Service Request Management service requests
  • Broadcasts

  • Location features
  • Service health
  • Appointment and reservation features

Note

Users get access only to the BMC Digital Workplace configuration data for the company to which they are assigned on the People form in the Company field in the General tab, even if they have access to multiple companies through the access restrictions. For example, if Joe Unser, a self-service user, is assigned Calbro company in the Company field of the People form, he has access to how-to links and SRDs that are configured for Calbro, but not the how-to links and SRDs that are configured for Acme. This also applies to the Digital Workplace Admin console: if Allen Allbrook, a BMC Digital Workplace administrator, is a member of the Calbro company, he can configure how-to links and locations for Calbro only. If Allen Allbrook also needs to configure how-to links and locations for Acme, he requires a second user ID that is a member of the Acme company.

For the Digital Workplace Admin console, an exception to the per-company configuration is the Providers Settings area of Configuration. The Provider Settings are shared for all companies (tenants). After you activate multitenancy, the Providers Settings are no longer available from the Digital Workplace Admin console. Instead, you must use the tenant admin utility to configure the provider settings.

Before you begin

  • Configure multitenancy in BMC Remedy ITSM, as described in Multi-tenancy in the BMC Remedy ITSM documentation.
  • Locate the tenant configuration utility in DWP_HOME\DWP\tenant-config\scripts.
  • Ensure that all users who belong to the master tenant have the Super Admin permissions. Without these permissions, a master tenant user is not able to login to  BMC Digital Workplace  after the multitenancy is configured,

To prepare the tenant configuration utility

  1. On the BMC Digital Workplace  server, move the tenant-config.jar from DWP_HOME/tenant-config to a folder with scripts:
    • (LinuxDWP_HOME/tenant-config/scripts/linux
    • (WindowsDWP_HOME\tenant-config\scripts\win.
  2. (Optional) To run the tenant configuration utility on a server other than the BMC Digital Workplace  server, copy the scripts/linux or scripts/win folders from  BMC Digital Workplace  server to the server that will run the utility.
  3. In a text editor, edit the set_env.bat (Windows) or set_env.sh (Linux) to set the following parameters:

    ParameterValueAdditional information
    java_homePath to your java directoryDo not include the “bin” directory at the end of the path. Surround the path with double quotes, as in the example provided in the file.
    myit_server_urlhttp://DigitalWorkplaceServer/dwp

    myitServer must be the host name of the BMC Digital Workplace server. If you will run the tenant configuration utility from the BMC Digital Workplace server, you can enter localhost, as in http://localhost:PORT/dwp,
    where PORT is BMC Digital Workplace server Tomcat port.

    API_TOKENNot available

    Copy the API_token from the connect-dwp.properties located in the <Tomcat_home>/external_conf directory.

    Note: This value is automatically generated and populated in the file upon fresh install or upgrade.

    API_SECRETNot applicable

    Copy the API_secret from the connect-dwp.properties located in the <Tomcat_home>/external_conf directory.

    Note: This value is automatically generated and populated in the file upon fresh install or upgrade.

    tenant_nameDefault value: 000000000000001Tenant identifier required for tenant operations.
    master_tenant_nameDefault value: 000000000000001Master tenant configuration details are copied during creation of a sub-tenant.
    company
    Company identifier of a sub-tenant.
    SAML_authenticationTrue or FalseMust be set (to True or False) before a tenant or sub-tenant is added.
  4. Test the utility by running the following command:

    (Windows) list_tenants.bat
    (Linux) list_tenants.sh

    You should see a default tenant with the name 000000000000001.

To activate the master tenant

A database admin runs the following SQL statement:

UPDATE TENANT SET HOSTNAME = 'localhost;@Company:<Master Tenant Company>' WHERE HOSTNAME='localhost'

Replace <Master Tenant Company> with the company name for the master tenant company, such as Calbro Services, as in the following example:

UPDATE TENANT SET HOSTNAME = 'localhost;@Company:Calbro Services' WHERE HOSTNAME='localhost' 

Note

Do not activate the master tenant company as a subtenant.

To activate subtenants

  1. In the tenant configuration utility directory, edit set_env.bat (Windows) or set_env.sh (Linux) with a text editor, and set the company to the name of the BMC Remedy ITSM operating or customer company that you are activating.

    1. (Linux) Find the line that says  COMPANY="" and put the company name inside the quotes. For example, COMPANY="Acme".

    2. (Windows) Find the line set company= and add the company name to the end after the =. For example, set company=Acme.

  2. Run add_subtenant.bat (Windows) or add_subtenant.sh (Linux).

  3. Repeat steps 1 through 3 for each company that you are activating.

    Note

    Ensure that you activate subtenants for all required companies. Users from the companies that do not have activated subtenants are not able to log in to BMC Digital Workplace after the multitenancy is configured.

Where to go from here

If you are rebranding the universal client, you must rebrand it for each tenant, as described in Manually rebranding the Universal Client.

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Comments