Tenant Settings

About Tenant Settings

A Tenant represents a customer space. Within each Tenant, you can maintain one or more Environments, each representing a significant stage or aspect of your organization. For example, different stages in your development cycle. Alternatively, you can use different Environments in any way you feel it would benefit your organization. Each Tenant is associated with an IDP (IDentity Provider). The following options are offered on the Tenant Settings screen:

• Tenant IDP Settings
• Hybrid Agent Key Settings
• Policy Authorization Agent (PAA)
  • A Tenant Admin manages global PAA Groups available for use in all Environments within the Tenant, promoting consistency and simplifying the process of configuring and maintaining Policies across your organization. This global configuration allows Tenant Admins to manage numerous Environments without requiring changes to individual modifications.

Note: Global PAAs exclusively function with Environments that are set up to collaborate with Global PAAs.

• Policy Information Point (PIP)
  • Tenant Admins can control the global aspects of PAAs and PIP Settings, which allows for wider control over a number of Environments and oversee PIP settings for PAAs within the framework of Global PAA Groups. Global PIP settings serve to centralize the integration of Data Sources and the retrieval of information and Attributes globally. This streamlines the access to essential data while ensuring all policies draw from the same Data Sources.

Note: Environments can employ either a Global PAA and PIP Settings or Environment-specific PAA and PIP Settings.

To access the Tenant Settings screen:

• Click the Tenant settings icon on the title bar. The Tenant IDP Settings screen opens with the currently defined IDP source displayed.

When an External IDP is used, the screen also displays the IDP Application Settings (ClientID, Client Secret, Client Authentication), as well as IDP General Settings and Tenant Authorization Settings.

Tenant API Client Credentials

API Client Credentials allow administrators to create and manage credentials at the Tenant Level. These credentials facilitate integration and automation for Management APIs without the need for traditional IDP accounts by leveraging a standard OAuth2 Flow. Key features include:

• Secure interactions and operations across the Tenant.
• Centralized control over management activities and automation flows.
• Enhanced overall security posture of the Platform.
  To create API Client Credentials:

1. Open the Tenant Settings.
2. From the Tenant Settings screen, click API Client Credentials to see a list of Clients.
3. Click Create Client. The Details side panel opens.
4. In the Name field, enter the API Client Name.
5. Add a Description for your API Client Credential (optional).
6. Set a Token Duration. The duration can range from 15 minutes to 24 hours (1440 minutes).
7. Click Generate Client. A Client ID and Secret are automatically assigned and copied as needed.
8. Click Save.

Note: The Permission type will always be Admin on the Tenant level.

While the API Client ID cannot be changed, you can regenerate the Secret.
To regenerate a Secret:

1. Open the Tenant Settings screen and click API Client Credentials.
2. Select the Client Credentials you want to regenerate a secret for. The Details side panel opens.
3. Next to the Secret field, click Regenerate. You can now copy the new Secret.

Refer to the API Client Key documentation in the Developer Portal for more information and methods on how you can use your API Client Credentials.