# Multi-tenancy

### Multi-tenancy support in Bsure Insights

Bsure Insights supports **multi-tenancy**, allowing a single, central installation to collect and analyze data across multiple Microsoft Entra ID (Azure AD) tenants.

#### What this means

With multi-tenancy enabled you deploy and maintain separate Bsure Insights installations in each tenant

* One **central (main) tenant** hosts the Bsure Insights installation.
* A **multi-tenant application registration** is created in the main tenant.
* This application is granted access to one or more **external tenants**.
* Bsure Insights securely fetches data from those tenants using the same application identity.

This approach simplifies architecture, reduces operational overhead, and provides a consolidated view across tenants.

#### How it works (high level)

{% stepper %}
{% step %}

### Main tenant setup

A multi-tenant app registration is created in the main tenant where Bsure Insights is installed. You need to be Global admin to perform this action under Configuration - Multi-tenancy tab. Click Setup Federation button and you will get this guide:
{% endstep %}

{% step %}

### Consent in external tenants

Each external tenant grants admin consent to the multi-tenant application. This establishes trust and permissions. Click the "Copy admin Concent" button and paste it into a browser holding at least application administrator privileges in the tenant you want to fetch data from. Then add seconday tenant in Bsure Insights configuration to tell wich tenantid and name you ran the concent link.
{% endstep %}

{% step %}

### Data collection

Bsure Insights uses the multi-tenant application to authenticate and fetch data from the connected tenants.
{% endstep %}

{% step %}

### Centralized insights

Data from all tenants is processed and presented centrally, while still retaining tenant context.
{% endstep %}
{% endstepper %}

#### Security considerations

* Access is **explicitly granted** by each external tenant via admin consent.
* Permissions follow the **least-privilege principle** required for reporting.
* No persistent credentials are shared between tenants; authentication is handled via Entra ID and application identities.

#### When to use multi-tenancy

Multi-tenancy is especially useful when:

* You manage multiple Entra ID tenants (e.g. MSPs, enterprises with subsidiaries).
* You want a **single pane of glass** for identity and application insights.
* You want to minimize duplication of infrastructure and configuration.

#### Limitations and notes

* All tenants must support the required Microsoft Graph permissions.
* Data visibility is scoped per tenant but aggregated in the same Bsure Insights environment.
* Some reports may require tenant-level context to interpret results correctly.

***

This capability enables Bsure Insights to scale across organizational boundaries while remaining secure, maintainable, and easy to operate.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bsure.io/user-guides/settings/system/multi-tenancy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.