Setting up multiple tenants in a single Automator instance
Overview
Keeper Automator supports a multi-tenant configuration, so that a single deployment can perform automations for multiple Keeper Enterprise environments.
For MSP environments, a single Keeper Automator instance can be used to run multiple Managed Companies.
For Enterprise customers, a single instance can process approvals for any number of identity providers.
Once the server is running, you can use it for multiple SSO nodes, even in different enterprises.
MSP with Multiple Managed Companies
The steps for activating one Automator instance for multiple Managed Companies is below:
(1) Login to Commander as the MSP Admin
My Vault> login my_msp_admin@company.com
(2) Switch context to the Managed Company
My Vault> msp-info
MSP Plans and Licenses
-----------------------
# Plan Id Available Licenses Total Licenses Stash
--- -------------- -------------------- ---------------- -------
1 business 83 100 0
2 businessPlus 50 100 0
3 enterprise 80 100 0
4 enterprisePlus 85 100 0
# ID Name Plan Allocated Active
--- ------ ----------------------- -------------- ----------- --------
1 81386 Demo Managed Co. LLC enterprisePlus 5 0
2 81344 Elite Auto Works business 5 4
3 114391 John's Garage enterprisePlus 5 0
4 114392 John's Garages enterprisePlus 5 0
5 81345 Perfect Teeth Dental businessPlus 50 4
6 114281 Test business 12 0
7 81346 Troy Financial Services enterprise 20 0
Find the MC you want to set up, select the ID and then type:
switch-to-mc <ID>
(3) Create an Automator instance
Use the common Automator URL in the "edit" step
For example:
My Vault> automator create --name="Tenant1" --node="SSO Node"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>
(4) Switch back to MSP
Switch back to the MSP Admin context
My Vault> switch-to-msp
For each Managed Company, repeat the above 4 steps.
Multi-Tenant Enterprise
The steps for activating one Automator instance for multiple Nodes in the same Enterprise tenant is below:
(1) Login to Commander as Admin
My Vault> login admin@company.com
(2) Create the Automator Instance
For each Node, use the same "edit" URL. For example:
My Vault> automator create --name="Tenant A" --node="<node_name>"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>
Then, simply set up another instance with the same URL endpoint:
My Vault> automator create --name="Tenant B" --node="Azure"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>
Note that they have different names and IDs and are assigned to different nodes but they use the same URL.
Repeat step (2) for every node to set up multiple tenants on the same Automator instance.