Managing experience users for different clients

#1

Hi Folks -

I am wondering about best practices for managing the following use case. Our organization has multiple end users from different companies, all of which are our customers. We would like to provide an experience login for each user and limit each user to see only those devices that pertain to them. They all have the same workflow configuration and same layout of pages, but there may be some small variations in for each user as to which elements of the Dashboard Pages they see (probably handled through context variables).

Does this require creating different Organizations, or can they be managed under one master Organization with individual users from different companies (all of whom are customers of the master Organization)? I am thinking both about segregating the data, and also maintainably of the workflows without creating a lot of duplication.

Any thoughts would be much appreciated.

Thanks!

0 Likes

#2

This is a great question, and is a reference architecture we should definitely document. Here’s a high-level overview of our recommended best practice for deploying a multi-tenant app from within a single Application Experience.

  1. We recommended a single application to own all devices for all clients. This application also hosts your end-user experience.

  2. Each Experience User is added to a Experience Group for the client they belong to.

  3. That same group name is added as a Device Tag to each device owned by that client. For example, the tag key could be “client” and the value is the group’s name.

  4. Whenever a Experience Page is requested, the workflow backing it automatically gets the user information, which includes the Groups they belong to. You can then query all devices with the “client” tag equal to the group that the user belongs to.

  5. You can now display a list of all devices the user has access to and also verify the user has access to see data from a device by comparing the user’s group name to a specific device’s “client” tag.

1 Like

#3

@Brandon_Cannaday

Great guidance. Yes having documentation and example would be a big help for multi tenant.

Do you also have any recommendations on managing client-to-client variation in Dashboards and Pages (or possibly workflow variations for alerts) to reflect client preferences? I’m thinking of some OOP principles to have a base dssifn and over-rides for certain things (like logos and which gauges are exposed).

0 Likes

#4

I also would love to see this, it’s my application setup also.

0 Likes

#5

Generally custom Data Tables are a great place to store any configuration differences between clients. Then when a workflow runs, you can query the required row of configuration data based on the device’s “client” tag or the user group. The workflow can then perform different operations based on that configuration.

In terms of dashboards, you can use Context Variables to pass a wide variety of information into dashboard blocks. It’s most commonly used to pass a Device ID into a dashboard so you don’t have to build a dashboard for each individual device. However, you can also use it to pass it labels or different thresholds for the indicator block, etc. The context variable values can be stored in the Data Table and then passed into a Dashboard Experience Page based on the currently logged in user.

0 Likes

#6

Hey @Brandon_Cannaday

I was wondering if you had any suggestions on extending that reference architecture to include Experience Users who might belond tomore than one Client? I.e. a client might have multiple locations and some client users might need to certain all assets and other client users might want to see only those that relate to their location.

Thanks!

0 Likes

#7

I might recommend switching to User Tags instead of User Groups for this. This way you can add a “client” tag and a “location” tag. Tags, like Groups, will be automatically available in the workflow payload.

Then in the Get Device node, you can do a Tag Query for all devices that have a “client” and a “location” tag that matches the authenticated user’s tags.

0 Likes

#8

@Brandon_Cannaday

I’ve tried everything I can think of to use standard dashboard pages to automatically display a list of all devices an experience user has access to. I don’t think this is possible with any of the existing blocks. Can you correct me if I’m wrong?

I think I would need a Custom Experience Page, would you agree?

Thanks much

0 Likes

#9

I’ve elaborated on this architecture with step-by-step instructions here:

0 Likes