Tenants Overview
Tenants are the foundational unit of multi-tenancy in SecureLink. Each tenant represents an organization or customer with fully isolated network resources, users, and devices.
What is a Tenant?
A tenant is an organizational boundary within the SecureLink platform. When you create a tenant, you create an isolated environment where:
- Edges are registered and managed independently
- Users (both administrators and VPN clients) belong exclusively to that tenant
- Configurations (WireGuard tunnels, ACLs, NAT rules, routes) are scoped to the tenant's devices
- Metrics and logs are collected and displayed per tenant
- Feature flags can be toggled independently for each tenant
All data within SecureLink is scoped to a tenant. There is no cross-tenant data visibility unless you are a SuperAdmin viewing the platform as a whole.
Tenant List
The Tenants page displays all tenants in the system with the following columns:
| Column | Description |
|---|---|
| Name | The display name of the tenant organization |
| ID | Unique tenant identifier (Snowflake ID) |
| Status | Current tenant status: Active, Suspended, or Disabled |
| Edges | Number of edge devices registered to this tenant |
| Users | Number of users (admins + VPN users) assigned to this tenant |
| Created Date | When the tenant was provisioned |
You can click on any tenant row to view its detail page, which provides full access to the tenant's devices, users, and configuration.
Tenant Isolation
SecureLink enforces strict tenant isolation at every layer:
- Database: All queries are filtered by
tenant_id— there is no way for one tenant's data to leak into another - MQTT: Edge devices publish and subscribe on tenant-scoped topics
- Metrics: Observability data (VictoriaMetrics, Loki) is labeled and filtered per tenant
- Configuration: Batch configs are built per tenant, ensuring each tenant's edges receive only their own configuration
- UI: TenantAdmin users can only see and manage resources within their assigned tenant
SuperAdmin users can view and manage all tenants. TenantAdmin users are restricted to their assigned tenant only.