Tenants
This page describes the tenant model and authentication methods used in Platon's observability platform.
What is a Tenant?
A tenant is an isolated space for your team's observability data. Each tenant has:
- Separate storage for logs, metrics, and traces
- Access controlled by an EntraID group and/or basic authentication
- Dedicated Grafana organization and data sources
Tenants provide data isolation between teams - you can only see data belonging to your tenant(s).
Requesting a Tenant
Contact the Platon team on #platon (Slack) with:
- Tenant name: A descriptive name (e.g., "my-team" or "my-product")
- EntraID group: The Microsoft Entra ID group for access control
We will:
- Add the tenant to the auth-proxy (for Loki, Mimir, Tempo)
- Set up a Grafana organization
- Configure data sources
- Configure Grafana to use the EntraID group
Authentication Methods
How you authenticate depends on where your application runs. See the getting started guide for your setup:
- PaaS Logging - No authentication needed, Vector handles it
- PaaS Full Observability - Tenant header required
- Puppet-managed VMs - Credentials managed by Puppet via Vault
- External Services - Full authentication required (Basic Auth + tenant header)
Data Retention
The default retention period for all observability data is 180 days. This can be adjusted per tenant if your team has different requirements. Contact the Platon team on #platon (Slack) to request a change.
Multiple Tenants
A team can have multiple tenants if needed - for example, to separate production and staging data, or to isolate different products. Contact the Platon team to set up additional tenants.