Knogin
[Developers]

Tenant and Organisation Management

**Provision, isolate, and govern multiple agencies or customers on a single platform whilst guaranteeing that each retains complete sovereignty over its own data.**

Back to All Modules
Category: ManagementLast Updated: Feb 23, 2026
managementaireal-timecomplianceblockchain

Overview#

Provision, isolate, and govern multiple agencies or customers on a single platform whilst guaranteeing that each retains complete sovereignty over its own data.

A state police agency shares the platform with thirty county sheriffs and two federal task forces. Each body has its own data, its own users, and its own compliance obligations. Some choose to share specific case files; none should see each other's unshared records. At the same time, the platform administrator needs to stand up a new county sheriff's office in under an hour, not in a week of manual configuration.

Tenant and Organisation Management handles all of this through strict multi-tenant isolation, hierarchical organisation structures, and dynamic resource allocation. Multi-agency law enforcement platforms, SaaS providers, and government shared services rely on these controls to maintain complete data sovereignty whilst enabling cross-tenant collaboration only when explicitly authorised.

Key Features#

  • Multi-Tenant Isolation. Complete logical and cryptographic separation between tenants ensures data security and regulatory compliance. Each tenant has unique encryption keys, making data at rest inaccessible across tenant boundaries. Optional dedicated infrastructure is available for regulated environments that require physical isolation in addition to logical separation.

  • Hierarchical Organisation Structure. Build complex organisational hierarchies that mirror real-world structures, from global enterprises to local field offices. Parent-child relationships support unlimited depth with automatic permission inheritance from parent to child organisations, reducing administrative overhead when managing large agency networks.

  • Resource Quotas and Allocation. Dynamically allocate and manage resources across organisations with real-time monitoring and automated enforcement. User licence counts, compute allocation for AI workloads, and API call budgets are all configurable per tenant, with alerting when usage approaches defined limits.

  • Cross-Tenant Collaboration. Securely share data and collaborate across tenant boundaries through explicit Community of Interest (COI) channels and sharing agreements. Joint investigations allow multiple agencies to collaborate on shared cases whilst each agency's unshared data remains invisible to the other. Every cross-tenant access event is written to the immutable audit trail.

  • Tenant Analytics and Reporting. Visibility into tenant health, usage patterns, and operational metrics gives platform administrators an accurate picture of the entire estate. Daily and monthly active user counts, feature adoption rates, and resource utilisation inform capacity planning and support billing accuracy.

  • Tenant Lifecycle Management. Automated onboarding with approval workflows reduces time-to-productive from days to hours. Configuration templates for common deployment scenarios (law enforcement, intelligence, government services) ensure new tenants start with appropriate defaults rather than blank slates. Decommissioning workflows honour data retention obligations before accounts are closed.

  • Deployment Models. The platform is available as a fully managed cloud service with automatic updates and security patches, requiring zero infrastructure maintenance from the customer organisation. Organisations with strict data residency or network isolation requirements may elect dedicated infrastructure with a custom subdomain on your tenant's domain.

Use Cases#

  • Multi-agency law enforcement platforms that require strict inter-agency data boundaries without sacrificing the ability to work joint investigations.
  • State and regional intelligence fusion centres that need controlled cross-tenant sharing between contributing agencies.
  • Federal shared services spanning multiple departments with independent billing, quota management, and governance.
  • International coalition operations using Community of Interest channels for information exchange across sovereign boundaries.
  • County and municipal government with multiple departments each requiring separate data isolation and independent configuration.
  • Commercial SaaS operators onboarding many enterprise customers onto a common platform whilst meeting each customer's contractual isolation requirements.

Integration#

The platform exposes tenant and organisation management through a GraphQL API, allowing customers and platform administrators to create, update, and query tenants and organisations programmatically. REST endpoints are also available for webhook-driven provisioning workflows and integration with external identity directories.

  • Provisioning automation. Tenants and child organisations can be created via API calls with configuration templates applied at creation time, enabling infrastructure-as-code and GitOps deployment patterns.
  • Identity federation. Tenant authentication integrates with your organisation's existing identity provider using OAuth 2.0 and OpenID Connect. User directories can be synchronised automatically using SCIM 2.0, eliminating manual account management.
  • Billing and cost recovery. Automated monthly invoice generation per organisation supports government-compatible procurement workflows and shared-services cost recovery models with alerting on budget overruns.
  • Resource scaling. Compute auto-scaling for intensive workloads is tied directly to per-tenant resource quotas, so one tenant cannot consume capacity reserved for another.
  • Normalised data model. All records carry a globally unique tenant identifier (RFC 4122 UUID) scoped across every platform integration, ensuring isolation is enforced uniformly regardless of the feature or data domain.

Open Standards#

  • OAuth 2.0 (RFC 6749). The authorisation framework underpinning all API access, including tenant-scoped service-to-service tokens with explicit scope bindings.
  • OpenID Connect 1.0 (OIDC). Used for federated identity and single sign-on, allowing tenants to delegate authentication to their own identity provider.
  • SCIM 2.0 (RFC 7642 / RFC 7643 / RFC 7644). Automated user and group provisioning and de-provisioning between the platform and enterprise identity directories.
  • JSON Web Token (JWT, RFC 7519). Token format for all authenticated API calls, carrying tenant identifier and permission scope claims.
  • RFC 4122 UUID. Globally unique identifiers used to label every tenant, organisation, and resource record, guaranteeing collision-free isolation across multi-tenant deployments.
  • ISO 3166-1 / ISO 3166-2. Country and subdivision codes used for data residency zone configuration and jurisdiction-aware compliance rule selection.
  • EU GDPR. Data residency zone enforcement, configurable audit retention windows, and subject-access controls are built to align with General Data Protection Regulation obligations.
  • EU NIS2 Directive. Tenant security configuration and incident reporting capabilities are structured to support the organisational and technical measures required under NIS2 for operators of essential services.
  • ISO 8601. All timestamps in API responses and audit records use ISO 8601 date-time strings, ensuring interoperability with external systems and log management tooling.

Security and Compliance#

Every write to a tenant or organisation record produces an immutable audit log entry capturing the actor, the before state, the after state, and the precise change set. Audit records are retained for a configurable period (30 to 3,650 days) set per tenant to match the organisation's regulatory obligations.

Cross-tenant access is impossible by design: the tenant identifier is injected into every data query at the platform layer, so a misconfigured application cannot inadvertently expose one tenant's records to another. This boundary is enforced at the data layer rather than relying solely on application-level checks.

Encryption keys are unique per tenant. Data at rest belonging to one tenant cannot be decrypted using another tenant's key material, providing cryptographic isolation in addition to logical separation.

Last Reviewed: 2026-02-23 / Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.