Skip to content
Platform

Tenant and Organization Structure

The Netgraph Connectivity Platform is multi-tenant by design. Every configuration, every administrator, and every end-user record belongs to a defined tenant scope, and the platform enforces separation between tenants at all times. This section describes the structure so that responsibilities and data boundaries are clear in a procurement or contractual context.

At a glance

Levels
Platform Owner › Partner › Organization › Service Context
Tenant boundary
Absolute between organizations; access is explicit and additive
Identity
One global user identity, with roles assigned per scope
Platform-level
A few resources (such as the user profile) sit outside any tenant scope

The platform is organized as four nested levels:

LevelWho operates itWhat it holds
Platform OwnerNetgraphPlatform-wide settings and the partners operating on the platform.
PartnerA Netgraph partnerThe partner’s own settings and the organizations it serves.
OrganizationThe customerThe customer’s settings, administrators, and one or more service contexts.
Service ContextThe customerA single running instance of one service (Sign In, EntryPoint, EasyPSK, or Endpoint Manager).

An organization is the customer’s top-level tenant. It is the container that holds the services the customer has licensed, the administrators who manage them, the organization-wide settings, the audit log, and the federation and webhook configuration that apply across the organization.

A service is the capability. A context is one running instance of that capability inside an organization. An organization can run several contexts, including more than one context of the same service, for example separate Sign In contexts for different venues or audiences.

Each context carries its own configuration, its own delegated administrators, and its own audit trail. Contexts within an organization operate independently of one another and do not share state.

A user is a single identity on the platform. The same identity can be granted roles in more than one organization, and at more than one level of the hierarchy. What a user can see and do is determined entirely by the roles assigned to that identity, evaluated per scope. A user with a role in one organization has no visibility into another organization unless separately granted.

Access is therefore additive and explicit. There is no implicit “view everything” override, and the boundary between organizations is absolute.

A small number of resources sit outside the organization, partner, and context scopes and are tied only to the authenticated user. The clearest example is the user’s own profile. These resources do not require an organization or partner context to access.

  • An organization is not a service. It does not authenticate users on its own; the service contexts do.
  • An organization is not a branding unit. Each context configures its own end-user experience.
  • An organization is not a permission ceiling for end users. End-user access is governed by the policies of the relevant context, not by the organization.

Next