Tenants
This page describes the tenant model and authentication methods used in Platon's observability platform.
What is a Tenant?
A tenant is an isolated space for your team's observability data. Each tenant has:
- Separate storage for logs, metrics, and traces
- Access controlled by an EntraID group and/or basic authentication
- Dedicated Grafana organization and data sources
Tenants provide data isolation between teams - you can only see data belonging to your tenant(s).
Requesting a Tenant
Contact the Platon team on #platon (Slack) with:
- Tenant name: A descriptive name (e.g., "my-team" or "my-product")
- EntraID group: The Microsoft Entra ID group for access control
We will:
- Add the tenant to the auth-proxy (for Loki, Mimir, Tempo)
- Set up a Grafana organization
- Configure data sources
- Configure Grafana to use the EntraID group
Authentication Methods
How you authenticate depends on where your application runs. See the getting started guide for your setup:
- PaaS Logging - No authentication needed, Vector handles it
- PaaS Full Observability - Tenant header required
- Puppet-managed VMs - Credentials managed by Puppet via Vault
- External Services - Full authentication required (Basic Auth + tenant header)
Multiple Tenants
A team can have multiple tenants if needed - for example, to separate production and staging data, or to isolate different products. Contact the Platon team to set up additional tenants.