-
Intro
-
General Guidance
-
Tasks
-
Compliance
-
Controls
-
Meta Model
-
Administration
General Guidance
(Multiple) tenants
Role-Specific access
No specific role restrictions apply to this feature.
The affiliation with multiple tenants in vucavoid is not connected to an user's roles but to the user's identity. The identity of a vucavoid user is determined by its email adress. An user account can be invited to multiple tenants by inviting its email address.
Tenant
A tenant is the highest criterion of data separation between organizations in vucavoid. Basic rule is: No tenant data can be shared between tenants. This basic rule is by no means overwritten anywhere across vucavoid.
All compliance-relevant data, from requirements, to risks, findings, incidents, threats to structural data like domains and standards are only existing in the context of a specific tenant.
Every tenant is directly tied to a vucavoid subscription. It starts and ends with the start and end of a subscription. The free trial phase is the start to any subscription.
In its roots, the user account in vucavoid is separate from a tenant.
Further rules on the user-tenant relationship are:
- An user account can only be initialised from an active tenant by invitation.
- Every user that did not start a new tenant (new subscription) has to be invited from an existing tenant (existing subscription).
- Any user account can be invited to multiple tenants using the same identity (email address).
- No user can share tenant-related data between tenants.
- An user without an affiliation with active tenant is not able to use vucavoid's features outside of the administration of its personal account settings.
- An user account is not equal to an user identity. The user identity is based on the user's email address and is independent of any tenant affiliation. The user account is tied to the user's identity and regulated the affilation to vuvavoid tenants and the respective roles per tenant!
Blueprints
The only data that can be shared between tenants are blueprints. Blueprints do not contain any tenant-related data and do not exist on the basis of any tenant but either
- on global level (vucavoid-provided blueprints) or
- on the level of an user account (user-provided blueprints).
Once a blueprint is imported, into a tenant, it becomes a tenant-specific entity (e. g. a control) - which only exists in the context of the specific tenant. Blueprints that are imported to multiple tenants have no connection to one another.
See the documentation on blueprints for further information.
Multi-tenant setup
An user becomes part of mutliple tenants by being invited to each tenant using the email address that is either already used as the identity for an existing vucavoid account (an existing vucavoid identity) or is not yet used for an existing vucavoid account (and hence is no vucavoid identity yet).
If different email addresses are used for the user account, accounts cannot be merged at a later stage, the user needs to be re-invited using the correct (matching) email address and the old user account needs to be deleted from the tenant.
Once the user is part of a new tenant, the user only has such roles assigned that got assigned when the new tenant invited the user. The roles for each tenant can be changed subsequent to the invitation. This can only be done by an authorized user manager or tenant admin of the respective tenant. Roles cannot be inherited or "set as in TENANT XYZ".
Important to note: There is no affiliation between roles of different tenants. If an user account has the role of tenant admin in one tenant, there is no impact on the user's roles in any other tenant.
Use cases for such a setup
Potential use cases for a multi-tenant setup are listed below (non exhaustive):
Use case | Notes |
---|---|
Group setup (concern) | Multi-tenant setup for groups of companies (concern). Even though it is possible to establish such setups with a single tenant in vucavoid, it might be favorable to some groups having multiple tenants and assign relevant roles to the same users across tenants. |
Consultant account | Acting as a consultant to mutliple clients using vucavoid, being invited by the same email address. Main objective could be to either support the client's compliance management or even fully handle it for the client in vucavoid. Especially useful for (asynchronous) remote consultation. |
Auditor account | Acting as an auditor and requiring access to compliance data of multiple tenants. This could entail control performance data (i. e. uploaded evidence and effectiveness reports in vucavoid), risk assessments or the incident history. Especially useful for (asynchronous) remote auditing services. |
Third party | Based on the industry or specific contractual relationship, it is possible to assign acess to specific parts of a tenant for third party users. Examples could be to provide access for incident response or access to specific controls (e. g. reporting on the performance of specific controls directly in the own vucavoid tenant). |
Investor | Providing access to either a venture capital company, a bank or another form of investor that is interested in keeping on track with the latest compliance posture development (e. g. risks, incidents, findings or requirements). |
Regulator | Similar to the auditor use case, external regulators can be interested in access to specific parts of the compliance posture of an (regulated) organization's tenant (e. g. risks, incidents or control performances). |
Switching Between Tenants
Even though, there is no connection between tenants and tenant-specific data is kept strictly separate, users that are part of multiple tenants can easily switch between tenants to work on multiple organizations/clients/affiliates.
For more information on this, see the section "" in the documentation entry on navigation in vucavoid.
For a short information on this, please see the following video, showscasing two ways to switch tenants, either via the tenant dropdown menu in the sidebar or via the Spotlight overlay naviation, being activated by using CTRL + K for Windows users or for MacOS users.
vucavoid multi-tenant setup: Switch between tentants using the tenant dropdown menu in sidebar or use our Spotlight navigation to switch tenants (demo data).