OPS 3: How are new tenants onboarded to your system?

Use an automated, predictable process to introduce new tenants into your system. This covers all the steps required to introduce a new tenant, including the provisioning of infrastructure, a tenant, a user identity, isolation policies, billing, and any tenant configuration. Reducing friction here promotes operational efficiency and organizational agility.

Resources

The Secret to SaaS (Hint: It's Identity)
Deconstructing SaaS: A Deep Dive into Building Multi-tenant Solutions on AWS
SaaS Quick Start Highlights Identity and Isolation with Amazon Cognito

Best Practices:

Improvement Plan

Use manually triggered scripts to provision tenants

  • Operations teams use runbooks and a collection of one or more scripts to provision a new tenant.

Provide a fully automated, self-service user experience that configures and executes tenant provisioning

  • Users (internal or external) are presented with a guided user experience that collects all the data and configuration options that are needed to onboard a new tenant. 
  • An onboarding service orchestrates all the moving parts of onboarding a new tenant, tracking each step of the provisioning process and surfacing progress data that can be displayed as part of an operational experience.
  • For systems that have billing integration, the system supports a fault-tolerant process for provisioning the billing account. If the process fails, it does not fail the overall onboarding process. Instead, retries are used to eventually create the billing account.
  • Metrics are surfaced by the onboarding process, providing insights into the overall performance and reliability of the onboarding experience.

Use a single automated process to onboard tenants

  • Operations teams collect all the configuration data that is needed for a new tenant.
  • A single script is invoked by operations to configure and provision all of the constructs that are needed to introduce a new tenant into the system.
  • A validation step is run at the end of the onboarding script, to ensure that the onboarding process has left the tenant in a working state.
  • Onboarding scripts publish tenant-aware logs that can be used to analyze and troubleshoot onboarding issues.
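
The sketch below is an added example, not code from the AWS guidance. It shows how the practices above fit together in one onboarding routine: per-step progress tracking, billing that is retried without failing onboarding, a final validation step, and tenant-aware logs. The function names, step callables and status strings are assumptions made for illustration.

```python
import json
import logging
import uuid

log = logging.getLogger("onboarding")

# Step names follow the list in OPS 3; the callables behind them are assumptions.
REQUIRED_STEPS = ("infrastructure", "tenant", "user_identity",
                  "isolation_policies", "tenant_config")


def tenant_log(tenant_id, step, status, **extra):
    """Emit one tenant-aware JSON log line and return it as a dict."""
    record = {"tenant_id": tenant_id, "step": step, "status": status, **extra}
    log.info(json.dumps(record))
    return record


def onboard(provisioners, create_billing, validate, billing_attempts=3):
    """Run the required steps in order, then billing (retried, non-fatal),
    then validation. Returns a progress record an operator view could show."""
    tenant_id = str(uuid.uuid4())
    progress = {"tenant_id": tenant_id, "steps": {}, "billing": "pending",
                "state": "provisioning"}
    for step in REQUIRED_STEPS:
        try:
            provisioners[step](tenant_id)
            progress["steps"][step] = "done"
            tenant_log(tenant_id, step, "done")
        except Exception as exc:
            # A required step failed: stop, so a tenant without identity or
            # isolation policies is never marked active.
            progress["steps"][step] = "failed"
            progress["state"] = "failed"
            tenant_log(tenant_id, step, "failed", error=str(exc))
            return progress
    for attempt in range(1, billing_attempts + 1):
        try:
            create_billing(tenant_id)
            progress["billing"] = "done"
            break
        except Exception as exc:
            # Billing errors are logged and left for a later retry, never fatal.
            progress["billing"] = "retry_scheduled"
            tenant_log(tenant_id, "billing", "retry", attempt=attempt, error=str(exc))
    # The final validation decides whether the tenant is in a working state.
    progress["state"] = "active" if validate(tenant_id) else "failed"
    tenant_log(tenant_id, "validation", progress["state"])
    return progress
```

A tenant left with `billing` set to `retry_scheduled` is still active; a separate job (not shown) would be responsible for retrying until the billing account exists.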