Skip to main content

Configure multi-tenancy

Codefi Orchestrate supports separation of resources in namespaces called "tenants" with the use of JSON Web Tokens. Orchestrate is not an identity provider and does not generate JWTs. Use an identity provider such as Auth0 to generate JWTs.

To make requests in a multi-tenant environment, specify the JWT in the request header.

Follow these steps to configure multi-tenancy when starting [Orchestrate Gateway API].

tip

Configure each microservice using microservice-specific environment variables. Command line options are also available and take precedence over environment variables.

Configuration

Environment variableCommand line optionDescription
MULTI_TENANCY_ENABLEDmulti-tenancy-enabledIndicates whether to use multi-tenancy. The default is false.
AUTH_JWT_ISSUER_URLauth-jwt-issuer-urlJWT issuer server domain (for example, https://orchestrate.eu.auth0.com).
AUTH_JWT_AUDIENCEauth-jwt-audienceExpected audience (aud field) of the JWT tokens.
AUTH_JWT_ORCHESTRATE_CLAIMSauth-jwt-orchestrate-claimsPath to the orchestrate claims in the JWT.

Configuration: Machine-to-machine authentication

In multi-tenancy mode, you should set an API key used for secure communication between internal Orchestrate microservices, bypassing the JWT authentication.

important

It is not recommended using the API key to communicate with [Orchestrate Gateway API]. See how to use multi-tenancy for more details.

Environment variableCommand line optionDescription
AUTH_API_KEYauth-api-keyKey used for authentication.

Orchestrate Gateway API