Tenjin Icon

Multi-Tenant Solution Guide

This document is for Service Providers operating Front Office under a multi-tenant license and should be considered with other Front Office support documentation. The multi-tenant solution supports multiple end tenants operating under a single Front Office application.

If you are interested in learning more about the multi-tenant solution, please contact the support team at https://frontofficehelp.biomni.com/hc/en-us/requests/new

This article will cover the following topics:

Solution Principles

The Front Office multi-tenant solution allows a Service Provider to publish services and requests to users in multiple end-tenants, all within a single Front Office application. Service catalogs and request forms can be tailored for individual end tenants, with no impact on other end tenants using the same system.

When operating under the multi-tenant mode, in addition to Division and Cost Center, Front Office provides the additional organizational structure of ‘Tenant’. In between the ever-present top-level Service Provider, and bottom-level End Tenant, one or more administrative level of ‘tenant’ can be established. A parent can administer their direct ‘child’s’ definition data.

Users assigned to intermediate and end tenants are restricted from viewing any content not published to them or created by them. A tenant will not have any visibility, or even be aware, of any other tenants’ setup within the same Front Office multi-tenant system.

Service Provider users have a supervisory view over the system and can view all tenant-related data. When configuring the Service Catalog or viewing the catalog as an end-user, the Service Provider user can choose to view it as a nominated user.

Intermediate Tenant levels (for example, ‘Distributor’ and ‘Reseller’) can configure the creation and editing of any direct ‘tenant’ below.

End Tenants are created via a single-entry point and are associated to a single division. Multiple users, cost centers, and addresses can be defined. There is a single Service Catalog across the solution but an end tenant’s view of it can be adjusted in several ways. The request form that an end tenant creates can also be varied, using the Request Type Variant feature. Key aspects of the end tenant’s theme, including banner heading, logos, and site colors, can be edited.

Nominated end tenant users can also be granted tenant-level administrative access to their organization’s user and address information. Ongoing tenant-specific administration can therefore be delegated to nominated users within an end tenant organization.

Please contact the support team at https://frontofficehelp.biomni.com/hc/en-us/requests/new for further information.


A multi-tenant license is required to enable the features necessary to support multiple tenants within one Front Office installation. The multi-tenant license must be applied early in the implementation phase as users cannot change their state once created.

  • Please email info@biomni.com for licensing information.

Integration & Organization Configuration

Defining ‘levels’

Prior to the first tenant being created, it is essential to create the structure if multiple tiered levels are being utilized between the Service Provider and the end tenant. This is configured via the Admin menu and clicking on the drop-down against the Tenant (Admin > Organization > Tenant).

The default record on the first entry to the page is ‘Tenant’, which denotes the end tenant. If additional levels are required, the ‘Tenant’ record should be renamed to reflect the level below the Service Provider. Additional levels can be added as required, finishing with the end tenant. Any level may be renamed but only levels with no tenant assigned can be deleted.

The Service Provider should not be included as a ‘level’.

  • If more than one level of management structure is required, this must be configured prior to creating the first tenant.


Solution-wide integration settings for Front Office adapters are maintained in Settings > Integration Settings and a flag against the setting determines whether it can be overwritten at tenant level, via Organization > Tenant. Only the Service Provider can view and edit Tenant overrides.

Tenant – for Service Provider Administrators

The Tenant screen allows new tenants to be created and existing tenants to be edited. Only the Service Provider has access to all aspects of Tenant Maintenance; intermediate tier administrators can only access the Details tab, User tab, Address tab, and Integration tab.

Access to the Tenant screen, and all associated tabs, is controlled by the access right ‘Manage Tenant information (all Tenants)’. If a junior Service Provider role is required, this access right will only provide access to all tenant-related configuration, as well as allowing access to the User Group screen.

When creating a new tenant, a ‘parent’ tenant should be associated, if relevant, and levels are being utilized. An intermediate tenant, or end tenant, reporting directly to the service provider, has no parent. It is important to set this relationship correctly at the time of Tenant creation because, once created, the parent of a tenant can only be changed if they have no children, or they are being moved to another parent at the same level. Only Service Providers can add or edit a ‘parent’ association.

On the creation of a new tenant, an associated division, cost center, and the user group is automatically created in the tenant’s name. Any future changes to the tenant’s name will be reflected across this data but each can be manually amended. A new tenant is created as ‘activated’; only active tenants are available for selection in data ‘pickers’. If a tenant is deactivated, none of its users will be able to login into the system.

A Tenant Name can be entered, as well as any general notes which might be useful when monitoring the account. A Tenant Code is automatically assigned, but if a specific tenant identifier is required for integration purposes for an end tenant this can be specified within the Integration configuration tab. The Tenant can be flagged as ‘Trial’ status, with an accompanying date, but this is for information purposes only. A CRM (Customer Relationship Management) reference can also be entered.

Also available is a rich text editor panel that can override the default Service Catalog welcome message with appropriate information for the Tenant. The tenant’s theme can be edited via the Theme tab, however no cascading from intermediate levels down occurs.

A Tenant, and the initial user, can be created via the Create Tenant API. In addition to the Tenant detail page, other tabs available are as follows: -


Creating a tenant user automatically associates the user with the Tenant’s default cost center and User Group.

Tenant personnel may only be associated to an Access Profile as either an ‘Administrator’ or as a ‘User’. It is assumed that all intermediate-level tenant users should be ‘Administrator

The Divisions tab is purely for information, as an end Tenant can only support a single division, which is automatically created and assigned via the cost center. The user can be assigned to other user groups via the Groups tab, although care should be taken as the Groups picker is unfiltered and displays all available groups.

The Defaults tab allows any request fields that have previously been associated to any end tenant, in the Tenant > Fields tab, to be selected and a relevant default value entered. Setting default values ensures a simplified request form completion process.

The Integration tab allows Integration Settings designated in Admin > Settings > Integration Settings as overridable by, or for, the user to set. If set as overridable by the user, they can be edited via My Account. It is possible to create pre-defined allowed values for selection.

Users can be imported using the Users Base Data file or via Active Directory. The cost center of the user determines the association to the tenant, so the assigned cost center must be appropriate.

  • A tenant user must be associated with its parent tenant on creation and this association cannot be changed once created. Likewise, a user not associated to a tenant is thereafter a Service Provider user.
  • Always create tenant/users via the Tenant page.


The request fields that are available for an end Tenant Administrator to set a default value for their users, in the Users > Defaults tab, can be determined here. All available request fields are available for selection but only those relevant to the specific end tenant should be selected.

Once associated, an end Tenant Administrator can be tasked with maintaining user-specific request field defaults.


If enabled, addresses can be created as normal, although the Address Code is automatically assigned. An address that is created here is for use in request creation only within that tenant.

By exception, if an end tenant address requires a specific Address Code, the address can be created for the tenant via Organization > Address, where an Address Code can be entered manually.

Cost Centers

Additional cost centers can be created for the end tenant. The cost center owner can be either an end tenant user or a Service Provider user. The cost center is automatically assigned to the Tenant’s division.


Solution-wide integration settings for Front Office adapters are maintained in Settings > Integration Settings, but tenant-level overrides can be specified here if permitted (see Tenant - for Intermediate Levels section). An example where this may be used is when passing out user credentials to a PunchOut catalog. Integration Settings may also be defined at Tenant end-user level.


Extra contact information for the tenant may be entered in this tab; this is purely for reference and is not used by any process.


The theme, including the banner heading, site logo, service catalog presentation, and color styling displayed, can be edited for any tenant across the hierarchy. A tenant will not inherit a theme from the above levels.

A preview option is available to enable the Service Provider administrator to view the end tenant’s theme.

Tenant – for Intermediate Levels

An intermediate-level tenant user, with the ‘Administrator’ profile assigned, can manage their own users, as well as creating and editing any child tenants.

On clicking the Admin menu link, the user is taken to a welcome page, with links to Manage Users and Manage Tenants; the term ‘Tenants’ being replaced by the relevant child’s name, as defined in the Levels screen.

An intermediate-level tenant can add or edit tenant data for a ‘child’ tenant, including create/edit users, create/edit addresses, and edit the inherited integration settings.

Note: if using intermediate tenant levels within your solution, the image picker has no partitioning by tenant, so any uploaded image is available to all when setting the Service Catalog welcome message.

When creating or editing a tenant, the administrator can also manage the tenant’s users, addresses, and override any default Integration Settings.

Tenant – for End Tenant Administrators

An end tenant user with the ‘Administrator’ access profile assigned can manage their own users, delivery addresses, and notices.

On clicking the Admin menu link, the user is taken to a landing page, with links to Manage Users, Manage Notices, Manage Addresses and Notices. The subsequent pages have either field-level help, or a Need Help? link displayed; on clicking the link, useful information to help them complete the necessary information is shown.


A new user will automatically be assigned to their tenant, as well as the default cost center and user group. One of two shipped Access Profiles can be assigned to any user: ‘Administrator’ or ‘User’.

The Settings and Defaults tabs are available: the fields in the Settings tab are the same as for the Service Provider; within the Defaults tab, the Tenant Administrator is only allowed to set default values for request fields pre-determined by the Service Provider, in the Tenant > Fields page.

The Tenant Administrator can activate users from the User List, as well as setting the Out of Office user or changing the password in emergency use.


Addresses can be created as normal, although the Address Code is automatically assigned. An address that is created here is for use in request creation only within that tenant.

The display of this feature is controlled by the access right Maintain Addresses.


Alerts or informational messages for display on the tenant users’ home page can be maintained here. Any notice created will be restricted to the tenant.

Access Profile

An access profile determines what privileges are assigned to a user. When running in multi-tenant mode, one of two out-of-the-box access profiles must be assigned to any end-user created for a tenant.

Tenant User: this contains the basic rights required for a standard end-user to access the Service Catalog and create and view their own requests.

Tenant Administrator: this is targeted at a user who, in addition to the basic rights, requires a management view of all request data created by users within the organization and is also able to administer user and address information.

When creating an intermediate tenant user, the ‘Administrator’ access profile should be used.

  • Both Tenant User and Tenant Administrator access profiles can be edited, although care should be taken to ensure that only the appropriate access right is associated.
    Please contact us at https://frontofficehelp.biomni.com/hc/en-us/requests/new if additional clarification is required.
  • The following access rights must not be associated with the Tenant access profiles, as the tenant would be able to access cross-tenant data: Supervisor Privileges, View All Cost Centers, Assign Inbox Tasks to others, Request Fulfillment Administrator, View.
  • Request Summary Fulfillment Activity Details, View Cost Centers outside own Division, Receipt All Requests, and Receipting Administrator.
  • The following access rights should only be associated with the Tenant access profiles where the appropriate filters (user groups) have been considered/applied: Access Business Forms via full catalog view, Access Bundles via the full catalog view, Access Suppliers via full catalog view, and View Reports Library.

The access right ‘Manage Tenant information (all Tenants)’ allows a junior Service Provider role to have limited access to the Administration area. This access right provides entry to all tenant-related configurations, as well as allowing access to the User Group screen.

Creating a Tenant via API

Tenants can be created from a request form via Internal Workflow fulfillment or directly from an external system. The API allows the creation of a tenant, along with an initial admin user, or additional users, if required.

Integration settings can be set for the tenant via existing methods.

Service Catalog

A single Service Catalog is available for all tenants, but a number of features allow the specific tenant view to be tailored.

The Service Catalog for a tenant can be filtered at category and service level by utilizing user groups.

The top-level welcome message panel can be overridden by a tenant, to allow information relevant to the tenant to be shown; this could include the tenant’s logo. This is configured in the Organization > Tenant page.

When configuring the Service Catalog, the Service Provider can select an end tenant user in the ‘View As’ field. This will show that user’s relevant categories and services, with any disassociated elements, slightly obscured, providing a personalized view, but in the context of the whole.

  • It is recommended that all end tenant access to the catalog is via the Service Catalog rather than the full catalog listing. Creating the appropriate tenant access to the full catalog may require use of Approved Lists and user group-controlled bundles and request types.

Request Type

Where an end tenant requires changes to a Request Type, for example, an additional request field or a different fulfillment workflow, a Request Type Variant may be created by the Service Provider. A Request Type (parent) can have one or more Variants (children) created. When an end tenant initiates the request type, the appropriate variant will be loaded instead of the standard (parent) request type.

Variants are found in a tab in Request Type details screen, accessed via Request & Approval > Request Type. On creating a variant, a description must be entered to help identify the variant, but the request type name will be inherited, non-editable, from the parent; if it is an item request type, any associated bundles are also inherited and cannot be changed. All details from the parent request type are copied, excluding the approval matrix. One or more end Tenants may be assigned to a variant, via the Tenant tab.

Linkage to a Service or Bundle is always via the parent request type; the only exception is when creating a new approval matrix record direct from the Admin Menu when variants can be selected;

The description is available via a tooltip. When the Tenant end-user selects a service or request type from the catalog, the variant will be loaded into their cart.

  • During the configuration of the variant, even though it might be linked to a subset of tenants, any user or user group pickers (for example, in the Approval Matrix, Task assignment, or SLA) are unfiltered by the tenant, so selections should be made carefully.

Approval routing

Approval can be enabled by request type parent and by individual variant, but the matrix rules’ configuration presents unfiltered data lists (for example, cost centers and users) so care should be taken. It is recommended that Line Manager via User record be the approval solution of choice. If line manager data is not available for all tenants, the matrix record can be set to optional; if no user is found, the approval row will be skipped.


The out-of-the-box reports are suitable for Service Providers but should not be made available to intermediate levels or end tenants.

Requests and Request List

When an end-user creates a request from the Service Catalog, the request form generated will be a request type variant, if one exists for the end tenant, and any user or cost center pickers will be filtered to the end tenant’s data. If the request number is configured to be ‘free text entry (unique)’, the unique check will be within an end tenant.

The Request schema includes a section for tenant data (Tenant ID (Tenant table primary key), Tenant Code and Tenant Name), allowing requests passed to the adapter to be identified.

The Request List filter will only display request types that have been created by the logged-in user or, for a Tenant Administrator, any request that has been created by/for one of their users.

In Advanced Search, the user picker is filtered to just display the end tenant’s data.

Service Provider

By clicking ‘Raise a request for another user’ link on the home page, a Service Provider can select from the full user database and view the Service Catalog as the nominated tenant user.

A Service Provider can view all end Tenant requests and a Tenant column can be displayed in the grid, configurable via the Request List tab in Request Type Maintenance. The Request Type filter is a superset of all requests generated; variants might mean that there are multiple repeated request type names, with the variant description appended.

In Advanced Search, the Tenant picker is only available for Service Provider personnel. All user and cost center pickers are unfiltered and display all available information.

Inbox – Approvals

End Tenant view

An end Tenant User can view only approval requests that have been assigned to them. An end Tenant Administrator can view all approval requests across their tenant base.

If the approval route needs to be amended via the Edit link, an end Tenant Administrator can select from a filtered list of their own users or user groups.

Note: A Tenant Administrator will only see user groups that are comprised solely of their own users. If any cross-tenant user groups have been created for easier Service Catalog maintenance, these will be excluded from selection.

A single ‘Approval email’ template is available to all end tenants.

Service Provider

When editing the approval route, a Service Provider will be able to select any user associated with the Requested For user’s tenant or also other Service Provider users.

A Tenant column is included in the Approvals list.

Inbox – Tasks

An end Tenant User can view only manual tasks that have been assigned to them. No higher-level access across the end tenant is available for Tenant Administrators.

A Service Provider who can assign tasks to other users will be able to select any user associated with the Requested For user’s tenant, or also other Service Provider users.

A Tenant column is included in the Tasks list.

A single ‘Task email’ template is available to all end tenants.


Share this article



Article is closed for comments.