Create new tenant entity

To further isolate and protect tenant data, create a new tenant entity. The tenant entity ensures that the tenant's data is segregated and secure. In this way, tenant data is managed in an isolated, independent way. The tenant entity is not a new hierarchy. Rather, it is a way to select assets in the system. There are no parent or child tenants.

If you are provisioning a new tenant with a license, when you create a tenant entity, you can choose to create the tenant's First User (Tenant Administrator). The Tenant Administrator user is scoped to the tenant root organization/groups and its children, and is automatically assigned the default Tenant Administrator role.

For information about the Tenant Administrator user and the default Tenant Administrator role assignment, see System-wide SaaS considerations, page 1.

If an organization is not associated with a tenant, it is assumed to belong to the Service Provider.

Before you begin

Create initial organizational hierarchy
Obtain the External Tenant ID for the tenant.

Procedure

Go to Organization Management. Under Hierarchies, select Tenant Settings.
From Tenant Settings, click Create in the lower right corner.
In the Tenant Details section, enter the tenant name, description, external tenant ID, and select the tenant organization and tenant root groups created previously. The description and tenant root groups are optional.
In the Tenant Admin User Details section, create the Tenant Administrator user: Enter the first name, last name, and user name of the tenant employee who will be the Tenant Administrator.

After the tenant entity is created, the Tenant Admin user is automatically assigned the default Tenant Administrator role.
Do not create the Tenant Administrator user together with the tenant entity in the following cases:
- If the tenant will not be assigned a license.
- On a system with HFR7 716/718 package or a system upgraded to 2020R1: If the tenant will be assigned a license.
- If you intend to integrate the tenant with the cloud platform. In this case, the Tenant Administrator is provisioned from an Azure Active Directory (AAD) into WFO by the Service Provider administrator. You then manually assign the appropriate security role and scope to the Tenant Administrator user after the user provisioning is complete. See the document Provision users from Azure Active Directory to WFO User Management for details.
For the cases described in the first two bullet items, after creating the tenant entity, manually create the Tenant Administrator user in the tenant's root organization. See Copy roles to the tenant organization (new tenant without a license) or Copy the default Tenant Administrator role to the tenant organization (new tenant with a license).
To send an email containing the tenant user name and password to the Tenant Administrator, select Send the tenant admin a notification email, and enter the email address of the Tenant Administrator.

The user password for the Tenant Administrator is auto-generated. The password is generated based on the minimum password length specified in the password policy settings. The password can consist of upper-case characters, lower-case characters, and numbers. If a minimum password length is not specified in the password policy settings, the auto-generated password consists of eight characters and numbers.
Click Create.

A confirmation message appears, indicating that the tenant entity was successfully created. The new tenant details now appear under Tenant Settings, and the new Tenant Administrator user appears under User Management.

The Tenant Administrator user is created as a DB Realm user. If required, you can reconfigure the Tenant Administrator user to use SAML authentication. For more information, see the Authentication Configuration Guide.
To change tenant entity details after the tenant is created, under Tenant Settings select the tenant and click Edit.

To change the Tenant Administrator user's details, under User Management select Usernames.

You can change the tenant Name, Description, and External ID, but not the root organization or assigned root groups. If you need to change a root organization or groups for a tenant, contact Support.