Messaging between tenants

Messages are exchanged within the Unit4 ecosystem using Unit4 Message Hub (U4MH) which is a native multi-tenant service. Messages that are exchanged not only carry information about what (the product) triggered the event but also who (the customer) - the tenant - that owns the data triggering the event.

Messages sent to U4MH are owned by the same tenant that owns the data that triggered the message to be sent, and this is reflected in the Message Hub's subscription model.

All messages must contain a customer identifier. This customer identifier is known as the tenant ID and is a unique identifier of a Unit4 customer hosted together with other customers.

Tenant ID is important to both the sender and receiver. The main purpose is to identify a specific customer within a deployment shared by many other customers, and prevent data from flowing between one customer to another.

In scenarios where a customer is the only customer within that deployment, as in an on-premise installation, this ID still must be provided on all messages sent to the hub.

Multi-tenant applications

Multi-tenant senders and receivers can easily adopt U4MH as all operations within such applications already execute in the context of a tenant ID. Whenever a message is sent to the hub, this tenant ID follows the message. Also, as the tenant ID follows messages received from the hub, the ID can safely be used to process the message in the right customer context.

Single-tenant applications

Single-tenant applications have up to recently been the most common type of applications. They connect to a single customers database and other resources owned by a specific customer and operate on this.

To apply a single-tenant application in a multi-tenant environment, you typically deploy a new instance of the application for each customer and configure it to work on this customer's resources. To make it use U4MH and integrate it with other applications it will must provide a valid tenant ID on each message to let the receiving product know which customer to operate on. An easy way of doing this would be to configure each application instance with an tenant ID application setting.

Integrations

An integration solution for a specific customer (tenant) is a bridge between the Unit4 suite to a third-party product the customer has invested in. An integration is by nature single-tenant. Such an integration solution must authenticate using Unit4 Identity Services (U4IDS) and provide an identity to the U4MH. This identity can only be used to subscribe to a specific tenant. Attempts to subscribe to and consume messages for other tenants will be denied.

U4MH comes with an access control layer to guard unapproved subscriptions to a tenant and access sensitive information carried by a message.

For more information on security, see Unit4 Identity Services.