Tenants

A tenant is an isolated instance of Avi Vantage. Each Avi Vantage user account is associated with one or more tenants. The tenant associated with a user account defines the resources that user can access within Avi Vantage. When a user logs in, Avi Vantage restricts their access to only those resources that are in the same tenant.

If a user is associated with multiple tenants, each tenant still isolates the resources that belong to that tenant from the resources in other tenants. To access resources in another tenant, the user must switch the focus of the management session to that other tenant.

Notes:

  • For information on switching a management session from one tenant to another, click here.
  • For information on tenant-scoped clouds, read this article.
  • Starting with Avi Vantage 18.2.5, certificates from the admin tenant can be shared by non-admin tenants. For more information read the Sharing Certificates Across Tenants article.

Default Tenant

By default, all resources belong to a single, global tenant: admin. The admin tenant contains all Avi Vantage resources.

The default admin user account belongs to the admin tenant and therefore can access all resources.

If no additional tenants are created, all new Avi Vantage user accounts are automatically added to the admin tenant.

Tenant-to-Role Mapping

Within each user account, the role selected for the user is mapped to a tenant. If only one tenant is defined (the default admin tenant), this tenant is automatically mapped to the role selected for the user. This allows the user to access all resources, to the extent (write, read, or no access) allowed by their role.

Creating additional tenants allows a user account to have multiple roles. In this case, within the user account, each role can be mapped individually to a tenant. Or, optionally, a single role can be mapped to all tenants.

If a single role is mapped to all tenants, the default tenant for that user must be selected. The default tenant is the one the user is placed into when logging into Avi Vantage. After logging in, the user can switch the management session to other tenants as needed.

All Tenants View-only Tenant for Super Users

Avi Vantage user accounts that are enabled for super user access automatically have access to a special read-only tenant: All Tenants. The All Tenants view provides read-only access to all resources within Avi Vantage.

The All Tenants tenant cannot be mapped to any roles within a user account. The All Tenants tenant is automatically made available to all super user accounts.

Create a Tenant

To create a tenant:

  1. Navigate to Administration > Tenants, and click Create.
  2. Enter a name for the new tenant.
  3. Optionally, enter a description.
  4. Click Save.

The new tenant appears in the tenant table.

new-tenant-intable

The admin account is automatically added to each new tenant.

Add an Existing User to a Tenant

To add a user to a tenant:

  1. Navigate to Administration > Users.
  2. Click on the edit icon next to the user name.
  3. Click Add Tenant and select the new tenant. (If the new tenant does not exist yet, click Create Tenant.) A new set of mapping fields appears.
    tenant-select
  4. Select the role from the Role pull-down list. tenant-select2
  5. Click the minus sign next to any mappings that are no longer needed.
    tenant-select3
    After the unneeded mapping is deleted:
    tenant-select4
  6. Click Save.

The tenants table reappears, showing the change. tenant-select5

Single Role for All Tenants

This option allows the user account to access any tenant from the same role. In this case, the default tenant must be selected. The default tenant is the one into which the user is placed after logging in.

In the following example, a user is allowed to access all tenants, and will automatically be placed into tenant cust1-tenant after login. tenant-select6