Tenant & Workspaces Overview

Multi-tenant architecture documentation for Burdenoff products.

Tenant System

The tenant system is the entry point for all Burdenoff products, enabling multi-tenant architecture across the entire product ecosystem.

Repository Structure

tenant/
├── tenant-backend/     # Tenant management backend
└── tenant-state/       # Tenant database and state

Multi-Tenancy Patterns

Tenant Isolation

Database per Tenant: Each tenant has dedicated database
Schema per Tenant: Shared database, separate schemas
Row-Level Security: Shared tables with tenant_id

Current Implementation

Burdenoff uses a hybrid approach:

Shared infrastructure
Tenant-specific configuration
Data isolation via tenant_id
Resource quotas per tenant

Workspaces Platform

Website: https://burdenoff.com Alpha App: https://alphaapp.burdenoff.com Production App: https://app.burdenoff.com

Purpose

Workspaces serves as:

Central tenant management
User authentication hub
Product access gateway
Billing and subscriptions

Tenant Lifecycle

1. Tenant Creation

async def create_tenant(name: str, domain: str):
    # Create tenant record
    tenant = await db.tenants.create({
        "name": name,
        "domain": domain,
        "status": "active"
    })

    # Initialize tenant database
    await init_tenant_database(tenant.id)

    # Create default workspace
    await create_default_workspace(tenant.id)

    return tenant

2. Tenant Configuration

Custom branding
Feature flags
Resource limits
Integration settings

3. Tenant Management

User management
Role assignment
Billing management
Usage monitoring

4. Tenant Deactivation

Data retention
Grace period
Data export
Final deletion

Authentication Flow

User → Workspaces Login → Auth Service
     ↓
  JWT Token Generated
     ↓
  Token includes tenant_id

2. Product Access

User → Product App → Validate JWT
     ↓
  Extract tenant_id
     ↓
  Load tenant context
     ↓
  Serve product

Data Isolation

Database Level

-- Every table has tenant_id
CREATE TABLE users (
  id UUID PRIMARY KEY,
  tenant_id UUID NOT NULL REFERENCES tenants(id),
  email TEXT NOT NULL,
  ...
);

-- Row-level security
CREATE POLICY tenant_isolation ON users
  USING (tenant_id = current_setting('app.tenant_id')::uuid);

Application Level

# Automatic tenant filtering
class TenantAwareQuery:
    def filter_by_tenant(self, query, tenant_id):
        return query.filter(tenant_id=tenant_id)

Resource Management

Quotas

Storage limits
API rate limits
User limits
Feature access

Monitoring

Resource usage tracking
Quota enforcement
Billing integration
Alert notifications

Cross-Tenant Operations

Admin Operations

Super admin access
Cross-tenant reporting
System maintenance
Audit logging

Security

Strict access control
Audit trails
Data encryption
Compliance

Multi-Product Access

Product Integration

Users authenticated via Workspaces can access:

All 31+ Burdenoff products
Single sign-on (SSO)
Unified billing
Shared user profile

Product Authorization

interface TenantContext {
  tenantId: string;
  userId: string;
  permissions: string[];
  products: {
    productId: string;
    access: 'full' | 'limited' | 'none';
  }[];
}

Tenant Metadata

Configuration

{
  "tenant_id": "uuid",
  "name": "Acme Corp",
  "domain": "acme.com",
  "branding": {
    "logo": "url",
    "colors": {...}
  },
  "features": {
    "sso": true,
    "api_access": true,
    "custom_domain": true
  },
  "limits": {
    "users": 100,
    "storage_gb": 500,
    "api_calls_per_minute": 1000
  }
}

Tenant System​

Repository Structure​

Multi-Tenancy Patterns​

Tenant Isolation​

Current Implementation​

Workspaces Platform​

Purpose​

Tenant Lifecycle​

1. Tenant Creation​

2. Tenant Configuration​

3. Tenant Management​

4. Tenant Deactivation​

Authentication Flow​

1. User Login​

2. Product Access​

Data Isolation​

Database Level​

Application Level​

Resource Management​

Quotas​

Monitoring​

Cross-Tenant Operations​

Admin Operations​

Security​

Multi-Product Access​

Product Integration​

Product Authorization​

Tenant Metadata​

Configuration​

Next Steps​