Multi-Tenancy in the WKS Platform
Overview
The WKS Platform supports multi-tenancy to provide each client (tenant) with a secure, isolated environment, comparable to giving each tenant their own private suite in a shared office building. This architecture enables service providers to efficiently manage multiple clients while ensuring data separation, operational security, and configurability.
Architecture
WKS implements multi-tenancy through three core components:
- Tenant-specific subdomains for environment separation
- Keycloak realms for isolated authentication and authorization
- MongoDB databases for secure, per-tenant data storage
1. Tenant Subdomain Structure
Each tenant is assigned a unique subdomain as their entry point to the platform:
- Format:
tenant_id.somedomain.com
- Example:
saasCustomer1.wksplatform.com
This structure provides:
- A dedicated namespace for each tenant
- Easy DNS-level isolation
- Clear, secure routing of tenant-specific traffic
2. Keycloak Realms for Identity Management
Each tenant operates within its own Keycloak realm:
- Realm Isolation: Each realm provides a completely independent identity domain
- Local Credential Management: Users, roles, groups, and permissions are managed within the tenant’s realm
- Security Benefits: No credential overlap or access leakage between tenants
Tenant Onboarding Workflow:
- A new Keycloak realm is automatically provisioned
- Tenant-specific identity configurations are applied
- Role-based access control (RBAC) is set according to client requirements
3. MongoDB for Data Isolation
WKS allocates a dedicated MongoDB database for each tenant:
- Data Isolation: Ensures strict separation of all tenant records
- Security: No cross-tenant visibility or access
- Scalability: Databases can scale independently based on tenant activity and data volume
Database Lifecycle:
- Created automatically during tenant onboarding
- Tied directly to the tenant’s subdomain and Keycloak realm
- Managed independently for backups, performance tuning, and maintenance
Benefits of WKS Multi-Tenancy
- 🔐 Security: Full isolation of identity and data
- ⚙️ Customization: Each tenant can define their own workflows, roles, and integrations
- 🚀 Scalability: Infrastructure supports growth across multiple tenants without conflict
- 🧩 Flexibility: Tenants operate independently while benefiting from shared platform resources