Multi-Tenant Workspace

Isolate scan data and access between multiple tenants or customers.

Directory Structure

workspace/
├── tenants/
│   ├── customer-a/
│   │   ├── scans/
│   │   ├── reports/
│   │   └── config/
│   ├── customer-b/
│   │   └── ...

Tenant Configuration

enterprise:
  multi_tenant:
    enabled: true
    default_tenant: default
    isolation: strict

RBAC

Role-based access control per tenant:

Roles:

Viewer: Read-only access to scan results
Operator: Run scans, view results
Admin: Full access, manage users

Permissions:

rbac:
  roles:
    - name: operator
      permissions:
        - scans:read
        - scans:create
        - reports:read
    - name: admin
      permissions:
        - "*"

SSO Integration

OIDC/SAML configuration:

server:
  auth:
    provider: oidc
    oidc:
      issuer: https://auth.company.com
      client_id: pentora
      client_secret: ${OIDC_SECRET}

Tenant Switching

Via UI: Tenant selector dropdown Via API: X-Tenant-ID header

curl -H "X-Tenant-ID: customer-a" \
     -H "Authorization: Bearer token" \
     https://pentora.company.com/api/v1/scans

See Deployment Guide for setup.

Directory Structure​

Tenant Configuration​

RBAC​

SSO Integration​

Tenant Switching​

Directory Structure

Tenant Configuration

RBAC

SSO Integration

Tenant Switching