Tenant Management
Overview
The Tenant Settings section within the LoginRadius Admin Console is a central hub for administrators to manage and control all aspects of their tenant's environment. This encompasses various functionalities, including the tenant's overall preferences and configurations and the specific settings and permissions associated with individual teams and team members. Through this comprehensive suite of tools, administrators can effectively tailor the tenant's experience to align with their unique requirements and operational workflows.
This guide details the various configuration options for your tenant.
- General
- Custom Domain
- IP Access
- Configuration Deploy
- Team Members
- Team SSO
- Audit
API Configuration
The API Configuration section within your tenant's settings provides a comprehensive suite of tools for managing and customizing your API integrations. This encompasses a range of features designed to ensure both security and flexibility:
-
API Accounts: This section allows you to oversee and administer your account's API key and secret. You can view existing credentials, manage their permissions, and revoke access as needed to maintain security. API keys and secrets are highly sensitive and have powerful management capabilities. Always store and use them securely, avoiding exposure in code repositories, logs, or public sources.
-
Additional API Secret: You can generate supplementary API secrets for enhanced security and granular control over your integrations. This enables you to issue separate credentials for different applications or services, limiting the potential impact of a compromised key.
-
SOTT (Mobile App): If your tenant utilizes mobile applications, this feature allows you to generate and manage SOTT (Single One Time Token). These tokens are essential for secure communication and authentication between your app and your tenant's API.
Configured Domains
Enhance security by restricting API access to trusted sources. Configuring and managing a list of authorized domains ensures that API requests originate only from approved sources, adding an extra layer of protection against unauthorized access.
Data Storage Location
LoginRadius has various data storage centers worldwide, and users’ current data storage location is visible.
The Custom Domain feature LoginRadius allows you to use your domain name when accessing Hosted Pages, ensuring a seamless and branded experience for your users. This feature simplifies the Custom Domain Setup process by guiding you through domain configuration and verification using DNS CNAME records. These records map your custom domain to the LoginRadius platform, enabling a smooth and secure integration.
Key Features
- Branded User Experience – Use your domain for Hosting Pages to maintain brand consistency.
- Seamless DNS Configuration – Easily set up and configure your custom domain using CNAME records.
- Verification Status Indicator – Check whether your domain has been successfully verified or if further action is required.
- Enhanced Security & Compliance – Ensure a secure connection and compliance with authentication standards.
By aligning your DNS configuration with LoginRadius requirements, you can ensure the smooth operation of your custom domain, providing users with a personalized and professional experience. Refer to Custom Domain & SSL Configuration documentation for more configuration steps.
The IP Access section lets administrators control access to LoginRadius APIs by permitting or restricting connections from specific IP addresses or ranges. This is achieved through the following configurations:
-
Activation Toggle: This setting enables or disables IP-based access control.
-
Access Type: This setting determines whether the IP addresses/ranges you specify can access the APIs (Allowlist) or are blocked from accessing the APIs (Blacklist).
-
IP Management: This setting allows you to add new IP addresses/ranges and remove or update existing IP addresses/ranges.
For more information, refer to the IP Access section of the API Security document.
This feature facilitates the streamlined configuration transfer between different environments, typically development, staging, and production. This is essential to maintain consistency and ensure that changes in one environment can be easily propagated to others.
Key Components
-
Source tenants Selection: This is where you specify the environment (dev, staging, etc.) from which the existing configurations will be copied.
-
Destination tenants Selection: This is where you specify the target environment where the copied configurations will be deployed.
-
Deployment Trigger: This action initiates the actual transfer of configurations from the source to the destination environment.
This feature is invaluable for several reasons: -
Streamlined Workflow: It eliminates the need to manually replicate configurations across different environments, saving time and reducing the potential for errors.
-
Consistency: It ensures that all environments work with the same set of configurations, minimizing discrepancies and unexpected behavior.
-
Testing and Validation: Changes can be thoroughly tested in a development or staging environment before being deployed to production, reducing the risk of breaking the live application.
-
Rollback Capability (Potential): In case of issues, copying the previous configuration in a different environment can facilitate quick rollback to a stable state.
For more information, refer to the Configuration Deploy documentation.
The Team Members section is critical for managing user accounts within your tenant. It provides a comprehensive overview of all team members, displaying their email addresses and current status in the User List. This allows you to quickly assess who has access to your tenant and their activity level.
Team Roles
The Team Members section allows you to assign specific roles to each team member. These roles determine their level of access and the actions they can perform within the tenant.
-
Owner: The Admin role grants the highest level of access, allowing users to manage all aspects of the tenant, including user accounts, settings, and integrations.
-
Admin: The Admin role grants the highest level of access after the Owner, allowing users to manage all aspects of the tenant, including user accounts, settings, and integrations.
-
Developer: The Developer role provides access to development tools and resources, enabling users to build and customize applications within the tenant.
-
Custom Roles: You can also create custom roles with specific permissions tailored to your organization's needs. This allows you to fine-tune access controls and ensure that team members have the appropriate level of authority.
Each team member can be managed by an Admin or Owner, who can edit the member's role, manage their membership, or transfer ownership of the account to another person. For more details on Roles & Permissions, refer to the Manage Team Members documentation.
Inviting New Team Members
In addition to managing existing team members, you can invite new users to join your tenant. The Team Members section provides a streamlined invitation process, allowing you to send invitations directly from the platform. Once an invitation is accepted, the new team member will be added to the User List and can be assigned a role based on their responsibilities.
This section is designed to manage Single Sign-On (SSO) access for your team members when they log into the LoginRadius Dashboard. By configuring SSO, you can streamline and centralize the authentication process, enhancing security and user experience.
Key Features
-
SSO Configuration: This is where you'll set up SSO using SAML (Security Assertion Markup Language), a widely adopted standard for exchanging authentication and authorization data between an identity provider (like Okta, Azure AD, or Google) and a service provider (the LoginRadius Dashboard). You'll need to configure the necessary SAML settings, such as metadata URLs and certificates, to establish a trusting relationship between the two systems.
-
Action: This feature allows you to edit or delete the configuration related to the SSO set for your tenant.
For more information, refer to the SSO Connector Overview documentation.
The Team Audit Log is a centralized tool that tracks and records all team member activities within the system, ensuring transparency and accountability. It captures configuration updates, schema changes, and other modifications, with each entry including a timestamp, activity type, and the responsible user.
Key Features:
- Comprehensive Activity Tracking: Logs all changes, including system configurations and user actions.
- Detailed Timestamps & User Attribution: Provides visibility into who made changes and when.
- Security & Compliance Support: Helps maintain audit trails for regulatory and security purposes.
- Real-Time Monitoring: Enables quick detection and troubleshooting of unauthorized or erroneous changes.
- Export & Search Capabilities: Easily filter, search, and export logs for in-depth analysis.
LoginRadius Tenants License
A LoginRadius Tenants License provides a dedicated environment for user authentication and data management across digital properties (websites, mobile apps).
- Dedicated Database: Each tenant has a devoted user database, separating data between brands or projects.
- Unified Configuration: You can configure settings, social logins, and other features once, and they will apply to all connected properties within that tenant.
- Shared User Base: Enables Single Sign-On (SSO) across properties within the same tenant.
When do you need multiple Tenants?
- When user data sets must remain entirely separate with no correlation.
- As a LoginRadius partner managing different clients, ensuring client data isolation.
Multiple Site Management
The same login credentials can be used to access and manage multiple tenant Licenses, enabling effortless switching and configuration synchronization between tenants. Each tenant operates independently, maintaining its user base and configurations. To switch between tenants, click on the current tenant name to open a list of available tenants associated with your login, then navigate to the desired tenants.