Nexeed

Multitenant Access Control


Getting started with multitenancy

Find out the organizations (tenants) relevant for your application

The set of organizations (tenants) that own resources of an application may be of interest for use cases such as loading master data. To determine it, collect the values of the resource property owningTenantId from the application’s ACL. More tenants may have access to the application’s resources because access has been shared with them, but sharing does not change the owner of a resource, so the set of relevant tenants stays the same. See our sections on Sharing and Access management for further information.

Exchange data in a tenant-specific context

In multitenant-capable systems, the organizational context of a request has to be respected for each resource access. See Sharing for how this context can be interpreted. There are multiple ways to implement this:

When accessing resources
  • API with path parameter (e.g. /{tenantID}/)

  • Resource server requests the tenant ID of the requestor from the userinfo endpoint of Multitenant Access Control

  • Form parameter (e.g. 'tenantID')

But keep in mind that due to Sharing the user’s or client’s tenant may differ from the tenant that owns the resource.

When accessing web applications
  • Path parameter (e.g. /{tenantID}/)

  • Query parameter (e.g. '?tenant={tenantID}')

When the organization (tenant) is switched, existing tokens have to be ignored (issuer mismatch) and a new login flow has to be triggered.
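
The token handling on a tenant switch, as an added example (not Nexeed's own code): the web application reads the tenant from the /{tenantID}/ path, compares the cached token's iss claim with the issuer expected for that tenant, and triggers a new login on a mismatch. The issuer URL pattern, the UUID tenant ID format and all function names are assumptions.

```javascript
// Added example. ISSUER_BASE and the UUID tenant-ID format are assumptions.
const ISSUER_BASE = "https://idp.example.invalid/tenants/"; // hypothetical
const TENANT_ID_RE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// Take the tenant ID from the first path segment; refuse anything malformed
// so untrusted path text never ends up in the expected issuer.
function tenantFromPath(pathname) {
  const first = String(pathname).split("/").filter(Boolean)[0] || "";
  return TENANT_ID_RE.test(first) ? first.toLowerCase() : null;
}

// Decode the JWT payload WITHOUT verifying the signature. This only decides
// whether a cached token is worth sending; the resource server validates it.
function readClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch {
    return null;
  }
}

// Decide what to do with a cached token when a page under /{tenantID}/ loads.
function decideSession(pathname, cachedToken, nowSec) {
  const tenantId = tenantFromPath(pathname);
  if (!tenantId) return { action: "reject", reason: "invalid tenant in path" };
  const claims = cachedToken ? readClaims(cachedToken) : null;
  if (!claims) return { action: "login", tenantId, reason: "no usable token" };
  if (claims.iss !== ISSUER_BASE + tenantId)
    return { action: "login", tenantId, reason: "issuer mismatch" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { action: "login", tenantId, reason: "token expired" };
  return { action: "reuse", tenantId };
}

// Constructed sample token (placeholder signature) for the demo below.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.placeholder`;
}

const TENANT_A = "11111111-1111-4111-8111-111111111111"; // constructed
const TENANT_B = "22222222-2222-4222-8222-222222222222"; // constructed
const tokenA = makeSampleToken({ iss: ISSUER_BASE + TENANT_A, exp: 2000 });
console.log(decideSession(`/${TENANT_A}/orders`, tokenA, 1000)); // reuse
console.log(decideSession(`/${TENANT_B}/orders`, tokenA, 1000)); // login
```

The block uses Node's Buffer for base64 decoding; in a browser, atob does the same job. Keying the token cache by tenant ID keeps a token issued for one tenant from being picked up after a switch in the first place.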


© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved
