Tenant and Organization Structure
The Netgraph Connectivity Platform is multi-tenant by design. Every configuration, every administrator, and every end-user record belongs to a defined tenant scope, and the platform enforces separation between tenants at all times. This section describes the structure so that responsibilities and data boundaries are clear in a procurement or contractual context.
At a glance
- Levels
- Platform Owner › Partner › Organization › Service Context
- Tenant boundary
- Absolute between organizations; access is explicit and additive
- Identity
- One global user identity, with roles assigned per scope
- Platform-level
- A few resources (such as the user profile) sit outside any tenant scope
The hierarchy
Section titled “The hierarchy”The platform is organized as four nested levels:
| Level | Who operates it | What it holds |
|---|---|---|
| Platform Owner | Netgraph | Platform-wide settings and the partners operating on the platform. |
| Partner | A Netgraph partner | The partner’s own settings and the organizations it serves. |
| Organization | The customer | The customer’s settings, administrators, and one or more service contexts. |
| Service Context | The customer | A single running instance of one service (Sign In, EntryPoint, EasyPSK, or Endpoint Manager). |
An organization is the customer’s top-level tenant. It is the container that holds the services the customer has licensed, the administrators who manage them, the organization-wide settings, the audit log, and the federation and webhook configuration that apply across the organization.
Service contexts
Section titled “Service contexts”A service is the capability. A context is one running instance of that capability inside an organization. An organization can run several contexts, including more than one context of the same service, for example separate Sign In contexts for different venues or audiences.
Each context carries its own configuration, its own delegated administrators, and its own audit trail. Contexts within an organization operate independently of one another and do not share state.
User identity and scope
Section titled “User identity and scope”A user is a single identity on the platform. The same identity can be granted roles in more than one organization, and at more than one level of the hierarchy. What a user can see and do is determined entirely by the roles assigned to that identity, evaluated per scope. A user with a role in one organization has no visibility into another organization unless separately granted.
Access is therefore additive and explicit. There is no implicit “view everything” override, and the boundary between organizations is absolute.
Platform-level resources
Section titled “Platform-level resources”A small number of resources sit outside the organization, partner, and context scopes and are tied only to the authenticated user. The clearest example is the user’s own profile. These resources do not require an organization or partner context to access.
What the structure is not
Section titled “What the structure is not”- An organization is not a service. It does not authenticate users on its own; the service contexts do.
- An organization is not a branding unit. Each context configures its own end-user experience.
- An organization is not a permission ceiling for end users. End-user access is governed by the policies of the relevant context, not by the organization.
Related sections
Section titled “Related sections”- Roles and Administration Levels: the role model that operates within this hierarchy.
- Support and Responsibility Allocation: how operational responsibility maps onto partners and Netgraph.