Configure multi-tenancy
Codefi Orchestrate supports separation of resources in namespaces called "tenants" with the use of JSON Web Tokens. Orchestrate is not an identity provider and does not generate JWTs. Use an identity provider such as Auth0 to generate JWTs.
To make requests in a multi-tenant environment, specify the JWT in the request header.
Follow these steps to configure multi-tenancy when starting [Orchestrate Gateway API].
Configure each microservice using microservice-specific environment variables. Command line options are also available and take precedence over environment variables.
Configuration
| Environment variable | Command line option | Description |
|---|---|---|
MULTI_TENANCY_ENABLED | multi-tenancy-enabled | Indicates whether to use multi-tenancy. The default is false. |
AUTH_JWT_ISSUER_URL | auth-jwt-issuer-url | JWT issuer server domain (for example, https://orchestrate.eu.auth0.com). |
AUTH_JWT_AUDIENCE | auth-jwt-audience | Expected audience (aud field) of the JWT tokens. |
AUTH_JWT_ORCHESTRATE_CLAIMS | auth-jwt-orchestrate-claims | Path to the orchestrate claims in the JWT. |
Configuration: Machine-to-machine authentication
In multi-tenancy mode, you should set an API key used for secure communication between internal Orchestrate microservices, bypassing the JWT authentication.
It is not recommended using the API key to communicate with [Orchestrate Gateway API]. See how to use multi-tenancy for more details.
| Environment variable | Command line option | Description |
|---|---|---|
AUTH_API_KEY | auth-api-key | Key used for authentication. |