Multi-Tenant Mode

Setting up multiple tenants in a single Automator instance

Overview

Keeper Automator supports a multi-tenant configuration, so that a single deployment can perform automations for multiple Keeper Enterprise environments.

  • For MSP environments, a single Keeper Automator instance can be used to run multiple Managed Companies.

  • For Enterprise customers, a single instance can process approvals for any number of identity providers.

Once the server is running, you can use it for multiple SSO nodes, even in different enterprises.

MSP with Multiple Managed Companies

The steps for activating one Automator instance for multiple Managed Companies is below:

(1) Login to Commander as the MSP Admin

My Vault> login my_msp_admin@company.com

(2) Switch context to the Managed Company

My Vault> msp-info

MSP Plans and Licenses
-----------------------
  #  Plan Id           Available Licenses    Total Licenses    Stash
---  --------------  --------------------  ----------------  -------
  1  business                          83               100        0
  2  businessPlus                      50               100        0
  3  enterprise                        80               100        0
  4  enterprisePlus                    85               100        0

  #      ID  Name                     Plan              Allocated    Active
---  ------  -----------------------  --------------  -----------  --------
  1   81386  Demo Managed Co. LLC     enterprisePlus            5         0
  2   81344  Elite Auto Works         business                  5         4
  3  114391  John's Garage            enterprisePlus            5         0
  4  114392  John's Garages           enterprisePlus            5         0
  5   81345  Perfect Teeth Dental     businessPlus             50         4
  6  114281  Test                     business                 12         0
  7   81346  Troy Financial Services  enterprise               20         0

Find the MC you want to set up, select the ID and then type:

switch-to-mc <ID>

(3) Create an Automator instance

Use the common Automator URL in the "edit" step

For example:

My Vault> automator create --name="Tenant1" --node="SSO Node"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>

(4) Switch back to MSP

Switch back to the MSP Admin context

My Vault> switch-to-msp

For each Managed Company, repeat the above 4 steps.

Multi-Tenant Enterprise

The steps for activating one Automator instance for multiple Nodes in the same Enterprise tenant is below:

(1) Login to Commander as Admin

My Vault> login admin@company.com

(2) Create the Automator Instance

For each Node, use the same "edit" URL. For example:

My Vault> automator create --name="Tenant A" --node="<node_name>"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>

Then, simply set up another instance with the same URL endpoint:

My Vault> automator create --name="Tenant B" --node="Azure"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>

Note that they have different names and IDs and are assigned to different nodes but they use the same URL.

Repeat step (2) for every node to set up multiple tenants on the same Automator instance.

Last updated