19 Multi-Tenant Support

Oracle Adaptive Access Manager by default is enabled for multitenancy. A single instance of Oracle Adaptive Access Manager can support multiple client applications. Models and Rules can be centrally administrated and can be shared between applications, with the option to personalize for individual applications. Customer Care Admin users can be restricted to create and view cases only for users from their applications. Adaptive Strong Authenticator can also be personalized for each application for look and feel.

Figure 19-1 Multi-Tenant Scenario Example

19.1 Configuring Access Control for Customer Care Uses

In the bharosa_server.properties file, please update the following properties:

#This enables check for access control for CSR users in ARM

bharosa.multitenant.enforce.admin.check=true
 
#List the admin roles have super user roles. Users with this role will have access to all the users with OAAM. You can provide multiple roles separated by comma

bharosa.multitenant.superuser.ldap_groups=

For each application (tenant), create an Oracle Adaptive Access Manager User Defined Enum element. An example of the properties is shown below.

#Replace Tenant1, Tenant2, ... with your appIds
bharosa.extgroupid.enum.Tenant1=2
bharosa.extgroupid.enum.Tenant1.name=Tenant1
bharosa.extgroupid.enum.Tenant1.description=Tenant one group
#List the roles (separated by comma) who have access to this Tenant. 
bharosa.extgroupid.enum.Tenant1.ldap_groups=Tenant1
#If this is true, then access control will be enforced for this tenant. 
bharosa.extgroupid.enum.Tenant1.access_control_adminusers=true
 
bharosa.extgroupid.enum.Tenant2=3
bharosa.extgroupid.enum.Tenant2.name=Tenant2
bharosa.extgroupid.enum.Tenant2.description=Tenant two group
bharosa.extgroupid.enum.Tenant2.ldap_groups=Tenant2
bharosa.extgroupid.enum.Tenant2.access_control_adminusers=true