Multi-Tenancy

A10 Control is inherently multi-tenant, meaning it can segregate management across different teams or customer groups securely. In a multi-tenant setup, different administrators may have authority over different subsets of devices or partitions, without visibility into others. This is achieved through a combination of a hierarchical administrative scope model and a robust Role-Based Access Control (RBAC) system.

This section explains how multi-tenancy can be achieved. The primary structure for multi-tenancy in A10 Control is a two-level hierarchy:

• Organization: This is the top-level tenant account (analogous to a company or a major account). An Organization contains one or more Org Units. Each Organization has its own admin users, its own pool of devices and resources, and is isolated from other Organizations.

  In a self-managed deployment, a controller (super-admin) user can create multiple separate Organization accounts – for example, a managed service provider might host an Organization for each customer.

• Org Unit: These are logical groupings of partitions within an Organization. They are essential for provisioning and analytics, and allow you to delegate administration to smaller teams or projects. For instance, if Organization “Acme Corp” has two departments using A10 devices, each department could be an Org Unit with its own Org Unit Admin managing its applications.

  Org Units leverage RBAC to ensure activities remain isolated. Each Org Unit maintains its own application services (such as ADC instances or DDoS policies), and its Org Unit Admin cannot modify resources in other Org Units.