Configuring multitenancy

The multitenancy feature provides the ability to segregate all data by operating company and customer company. This topic describes how to configure BMC Digital Workplace so that configuration data it provides is restricted to a specific tenant company. A system administrator prepares the tenant configuration utility, activates the master tenant, and then activates tenants as needed. The master tenant shoud be associated with a company in BMC Remedy IT Service Management (BMC Remedy ITSM). Administrators who are members of the master tenant company can set the provider settings from the BMC Digital Workplace Admin console. Each subtenant is associated with a company in BMC Remedy ITSM. Subtenants use the provider settings from the master tenant. Only an administrator for the master tenant can modify the provider settings.

Multitenancy and access to data

In BMC Remedy ITSM, configure multitenancy for data that comes from BMC Remedy ITSM, such as users and service request definitions (SRDs). When users are set up, they are granted access to data for one or more companies. For data that is maintained in BMC Remedy ITSM (such as SRDs), the same access is provided in BMC Digital Workplace without any additional configuration. For example, if you create separate SRDs for the Calbro and Acme companies, and grant Bob Unser access only to the Calbro company, he can see and request only SRDs from the Calbro company.

BMC Digital Workplace also provides configuration data that is not available in BMC Remedy ITSM, such as:

Quick-pick lists of SRD catalog items that appear on the Catalog tab
Catalog configuration
How-to links
Social posts not tied to any BMC Remedy ITSM tickets or BMC Service Request Management service requests
Broadcasts

Location features
Service health
Appointment and reservation features
BMC Digital Workplace Catalog services

Note

Users get access only to the BMC Digital Workplace configuration data for the company to which they are assigned on the People form (on the Company field of the General tab), even if they have access to multiple companies through access restrictions. For example, if Joe Unser, a self-service user, is assigned to Calbro company on the People form, he has access to how-to links and locations configured for Calbro, but not the how-to links and locations configured for Acme. This also applies to the BMC Digital Workplace Admin console—if Allen Allbrook, a BMC Digital Workplace administrator, is a member of the Calbro company, he can configure how-to links and locations for Calbro only. If Allen Allbrook also needs to configure how-to links and locations for Acme, he needs a second user ID that is a member of the Acme company.

For the BMC Digital Workplace Admin console, an exception to the per-company configuration is the Providers table of Configuration (on the Application Features page). The Providers table is shared for all companies, but only master tenant MyIT Admins can configure provider settings.

Before you begin

Configure multitenancy in BMC Remedy ITSM, as described in Multi-tenancy in the BMC Remedy ITSM documentation.
Locate the tenant configuration utility in DWP_HOME\DWP\tenant-config\scripts.

To prepare the tenant configuration utility

On the BMC Digital Workplace server, move the tenant-config.jar from DWP_HOME/tenant-config to a folder with scripts:
- (Linux) DWP_HOME/tenant-config/scripts/linux
- (Windows) DWP_HOME\tenant-config\scripts\win.
(Optional) To run the tenant configuration utility on a server other than the BMC Digital Workplace server, copy the scripts/linux or scripts/win folders from the BMC Digital Workplace server to the server that will run the utility.

In a text editor, edit the set_env.bat (Windows) or set_env.sh (Linux) to set the following parameters:

Parameter	Value	Additional information
java_home	Path to your Java directory	Do not include the “bin” directory at the end of the path. Surround the path with double quotes, as in the example provided in the file.
myit_server_url	http://DigitalWorkplaceServer/dwp	myitServer must be the host name of the BMC Digital Workplace server. If you will run the tenant configuration utility from the BMC Digital Workplace server, you can enter localhost, as in *http://localhost:PORT/dwp, where PORT* is the BMC Digital Workplace server Tomcat port.
API_TOKEN	Not available	Copy the API_token from the connect-dwp.properties file in the <Tomcat_home>/external_conf directory. Note: This value is automatically generated and populated in the file upon fresh installation or upgrade.
API_SECRET	Not applicable	Copy the API_secret from the connect-dwp.properties file in the <Tomcat_home>/external_conf directory. Note: This value is automatically generated and populated in the file upon fresh installation or upgrade.
tenant_name	Default value: 000000000000001	Tenant identifier required for tenant operations.
master_tenant_name	Default value: 000000000000001	Master tenant configuration details are copied during creation of a subtenant.
company		Company identifier of a subtenant.
SAML_authentication	True or False	Must be set (to True or False) before a tenant or subtenant is added.

Test the utility by running the following command:
```
(Windows) list_tenants.bat
(Linux) list_tenants.sh
```
You should see a default tenant with the name 000000000000001.

To activate the master tenant

A database administrator runs the following SQL statement:

UPDATE DWP_SYSTEM.Tenant SET HOSTNAME = 'localhost;@Company:<Master Tenant Company>' WHERE HOSTNAME='localhost';

Replace <Master Tenant Company> with the company name for the master tenant company, such as Calbro Services, for example:

UPDATE DWP_SYSTEM.Tenant SET HOSTNAME = 'localhost;@Company:Calbro Services' WHERE HOSTNAME='localhost';

Note

Do not activate the master tenant company as a subtenant.

To activate subtenants

In the tenant configuration utility directory, edit set_env.bat (Windows) or set_env.sh (Linux) with a text editor, and set the company to the name of the BMC Remedy ITSM operating or customer company that you are activating.
- (Linux) Find the line that says COMPANY="" and put the company name inside the quotes, for example, COMPANY="Acme".
- (Windows) Find the line set company= and add the company name to the end after the equals sign (=), for example, set company=Acme.
Run add_subtenant.bat (Windows) or add_subtenant.sh (Linux).
Repeat these steps for each company you are activating.
Note

Ensure that you activate subtenants for all required companies. Users from the companies that do not have activated subtenants are not able to log in to BMC Digital Workplace after the multitenancy is configured.

Where to go from here

After one or more tenants are activated, BMC Digital Workplace administrators must log on to the BMC Digital Workplace Admin console to set up configuration data for each tenant, as described in topics in the Administering section. Administrators can also configure a different set of features for each tenant as described in the Configuration example section.

If you are rebranding BMC Digital Workplace, you must rebrand it for each tenant, as described in Rebranding BMC Digital Workplace.