Strategy One

Preview Feature: Multi-tenant Object Isolation

Starting in Strategy One (March 2026), you can use metadata level multi-tenancy to host and manage multiple tenants, such as business units, departments, or customers, within a single platform deployment. Each tenant operates in an isolated environment which ensures secure separation of users, projects, and content, while authorized administrators maintain centralized governance across all tenants.

Prerequisites

Enable the Preview Feature

  1. Open the Workstation window.

  2. Log in to your environment.

  3. Click Help and enable Preview Features.

Enable Multi-tenancy

Ensure you backup your metadata before enabling this feature. Once you enable multi-tenancy, it can not be disabled.

  1. Open the Workstation window.

  2. Log in to your environment.

  3. Right-click your environment and ensure Multi-tenancy Enabled displays.

Additional Prerequisites

  • You must have the Create and manage tenants privilege.

  • You must use a metadata PostgreSQL database.

  • Cognitive search must be enabled.

Key Concepts

The following concepts related to the multi-tenant feature are used in the following topic:

  • Global User: A user who is not associated with any tenant.

  • Global Admin: A global user with administrative privileges.

  • Tenant User: A user who is assigned to a specific tenant.

  • Tenant Admin: A tenant user with administrative privileges within that tenant. Tenant administrators are restricted to managing their own tenant.

  • Global objects: The configuration objects have not been assigned to a tenant. It is not accessible to tenant users.

Tenant Usage

Tenant Management

Authorized administrators can perform the following actions:

  • Create tenants

  • Manage existing tenants

  • View tenant properties, including the tenant ID

  • Edit tenants to assign users or projects

  • Rename tenants

  • Delete tenants

    Object previously associated will display as Unknown Tenant.

  • Disable tenants to prevent associated users from logging in

Global administrators retain full visibility and administrative control across all tenants.

User Management

Tenant-aware access control is enforced automatically by the platform.

  • All existing users are treated as Global Users until assigned to a tenant.

  • Users and user groups can be assigned to only one tenant.

  • User visibility and permissions are limited to their assigned tenant.

  • View the tenant a user is assigned in the Tenant column of the Users & Groups monitor page.

To assign a user to a tenant:

  1. In the left Navigation pane, click Tenants.

  2. Right-click a tenant and choose Edit.

  3. In the left pane, click Users and Groups.

  4. Click Edit Members.

  5. Select the check box next to the member(s) you want to add.

  6. Click Update.

When a tenant administrator creates users or user groups, they are automatically assigned to the tenant that is associated with the current session.

Project Management

  1. In the left Navigation pane, click Tenants.

  2. Right-click a tenant and choose Edit.

  3. In the left pane, click Project Access.

  4. Click Edit Projects.

  5. Select the check box next to the project(s) you want to add.

  6. Click OK.

See the following notes and limitations:

  • All project-level objects inherit the tenant of the project.

  • Projects assigned to a tenant are visible only to users of that tenant and authorized global users.

  • Global Projects (tenant-less projects) are hidden from tenant users and visible only to global users.

  • A project can be assigned to a tenant only once and cannot be reassigned.

  • Deleted unassigned projects may temporarily appear due to metadata index delay.

  • Project tenant assignment cannot be modified from the project properties panel.

Configuration Object Management

Existing configuration objects are treated as global objects when the feature is enabled. New configuration objects inherit the tenant of the current user session.

To assign a configuration object to a tenant:

  1. Right-click a tenant object and choose Properties.

  2. In General, expand the Tenant drop-down list and choose a tenant.

  3. Click OK.

Switch to Tenant

Global administrators can switch to tenant to temporarily assume the context of a specific tenant and validate tenant isolation and visibility.

To switch to tenant:

  1. In the Navigation pane, click Environments.

  2. Right-click the connected environment, click Edit, and choose Project List.

  3. Select the check box next to Switch to tenant.

  4. Choose a tenant from the drop-down list.

  5. Click OK.

To exit the tenant:

  1. In the Navigation pane, click Environments.

  2. Right-click the connected environment, choose Edit and Project List.

  3. Deselect the check box next to Switch to tenant.

  4. Click OK.

Web and Mobile Customization

Strategy Web/Mobile servers can be configured to be dedicated to a tenant. You can customize your environment to reject connections from users that don't belong to that tenant.

To configure Web to be tenant-bound:

  1. Go to [Your_tomcat_Path]/WEB-INF/xml/.

  2. Edit the sys_defaults.properties files.

  3. Add the following line to the end of the file:

    Copy 
    tenantId=[Your_tenant_ID]

  4. Save the modification.

  5. Restart the Web/Mobile server.

Additional Information

For more information on the functions of multi-tenant objects isolation, see Multi-tenant Objects Isolation Additional Information.