Multi-Tenant Architecture
DataCentral is engineered from the ground up as a multi-tenant SaaS platform. This architecture allows a single deployment (the Host Instance) to serve multiple, completely isolated organizations (the Tenants), while providing centralized management, security, and scalability.
This document outlines the high-level system architecture and how isolation is achieved across the platform.
1. High-Level Model
The platform is divided into a Host Control Plane and multiple Tenant Data Planes.
+---------------------------+        +---------------------------+
|       Host Instance       |        |      Tenant Instance      |
|  - Tenant provisioning    |        |  - Tenant UI + API        |
|  - Editions               |        |  - Users, roles, OUs      |
|  - Shared Azure config    |        |  - Items, tasks, links    |
|  - Global reporting       |        |  - Tenant settings        |
+---------------------------+        +---------------------------+
              |                                    |
              |         inherit / override         |
              v                                    v
        +------------------------------------------------+
        |               Integration Layer                |
        |  - Entra ID auth apps                          |
        |  - Power BI service principals                 |
        |  - Microsoft Graph service principal           |
        +------------------------------------------------+
                               |
                               v
                        Power BI Service
The Host Instance
The Host Instance manages the lifecycle of all Tenants. It defines Editions (feature bundles), manages shared Azure configurations (such as global Service Principals), and provides global reporting and audit visibility across the entire deployment.
The Tenant Instance
Each Tenant operates as an isolated analytics portal. A Tenant provides its own users, roles, Organization Units (OUs), embedded Power BI items, and settings. Tenants can inherit global configurations from the Host or override them with their own specific settings (e.g., using their own Entra ID app registration).
2. Core Components
DataCentral's architecture is composed of several key services:
User Experience
- Web UI: Separate interfaces for Host Administrators and Tenant End Users.
- Embedded Report View: The core interface for rendering Power BI content securely.
- Admin Console: For managing users, roles, OUs, items, and settings within a Tenant.
API and Services
- Tenant API: Handles operations specific to a Tenant (users, roles, items, tasks).
- Host API: Handles global operations (tenant provisioning, editions).
- Embedding Service: Manages secure token generation and report access.
- Automation Service: Executes Action Tasks and DAX Queries based on user interaction.
- Link Service: Manages Report Keys, Slideshows, and secure export links.
Identity and Access
- Authentication: Supports Entra ID, User Pass, and Mobile ID per Tenant.
- Authorization: A multi-layered role system (System Roles, Report Roles, RLS Roles).
- Organization Units (OUs): Hierarchical access management, often linked to Entra ID security groups.
Integration Layer
- Power BI: Integration for workspace discovery, item embedding, and dataset operations.
- Microsoft Graph: Integration for external user invites and group membership synchronization.
3. Tenant Isolation Model
DataCentral enforces strict isolation between Tenants at both the application and data layers to ensure security and compliance.
Application Layer Isolation
Every API request and database query is strictly scoped to the authenticated user's TenantID. A user in Tenant A cannot query the users, roles, or reports of Tenant B.
Data Layer Isolation
DataCentral offers two database models:
- Shared Host Database: All Tenants share the same physical database schema, with logical separation via TenantID.
- Dedicated Tenant Database: A Tenant is provisioned with its own dedicated physical database for maximum security and compliance.
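The following is an added illustration of the application-layer and data-layer isolation described above; it is not DataCentral's code. The table name, column names, the in-memory SQLite databases and the tenant ids are all constructed for the example. It shows both database models side by side: tenants A and C share one database and are separated by a TenantID predicate that the repository applies itself, while tenant B has a dedicated database. The entry point also rejects any request whose tenant id does not match the authenticated session.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample schema. DataCentral's real tables and columns are not on the page.
SCHEMA = (
    "CREATE TABLE users ("
    "  id INTEGER PRIMARY KEY,"
    "  tenant_id TEXT NOT NULL,"
    "  name TEXT NOT NULL)"
)


@dataclass(frozen=True)
class Principal:
    """Authenticated caller. tenant_id comes from the validated session or token,
    never from a request parameter the caller controls."""
    user_id: str
    tenant_id: str


class TenantCatalog:
    """Hypothetical stand-in for the Host's connection-string store. Shared-model
    tenants all use one database; dedicated-model tenants each get their own."""

    def __init__(self):
        self.shared = sqlite3.connect(":memory:")
        self.shared.execute(SCHEMA)
        self.dedicated = {}  # tenant_id -> private connection

    def provision(self, tenant_id, dedicated=False):
        if dedicated:
            conn = sqlite3.connect(":memory:")
            conn.execute(SCHEMA)
            self.dedicated[tenant_id] = conn

    def connection_for(self, tenant_id):
        return self.dedicated.get(tenant_id, self.shared)


class TenantScopedRepository:
    """All data access for one principal. The repository adds the tenant predicate
    itself, so no call site can omit it or substitute another tenant's id."""

    def __init__(self, catalog, principal):
        self.principal = principal
        self.conn = catalog.connection_for(principal.tenant_id)

    def add_user(self, name):
        self.conn.execute(
            "INSERT INTO users (tenant_id, name) VALUES (?, ?)",
            (self.principal.tenant_id, name),
        )

    def list_users(self):
        # The predicate is applied even on a dedicated database: a misrouted
        # connection then returns nothing instead of another tenant's rows.
        rows = self.conn.execute(
            "SELECT name FROM users WHERE tenant_id = ? ORDER BY name",
            (self.principal.tenant_id,),
        )
        return [r[0] for r in rows]


def open_repository(catalog, principal, requested_tenant_id):
    """Entry point for an API request. A tenant id carried in the route or body is
    only accepted if it equals the tenant bound to the authenticated session."""
    if requested_tenant_id != principal.tenant_id:
        raise PermissionError("request tenant does not match authenticated tenant")
    return TenantScopedRepository(catalog, principal)


def demo():
    """Constructed scenario: tenants A and C share the Host database, B is dedicated."""
    catalog = TenantCatalog()
    catalog.provision("tenant-a")
    catalog.provision("tenant-b", dedicated=True)
    catalog.provision("tenant-c")

    alice = Principal("alice", "tenant-a")
    bob = Principal("bob", "tenant-b")
    carol = Principal("carol", "tenant-c")
    open_repository(catalog, alice, "tenant-a").add_user("alice")
    open_repository(catalog, bob, "tenant-b").add_user("bob")
    open_repository(catalog, carol, "tenant-c").add_user("carol")

    result = {
        "tenant-a": open_repository(catalog, alice, "tenant-a").list_users(),
        "tenant-b": open_repository(catalog, bob, "tenant-b").list_users(),
        "tenant-c": open_repository(catalog, carol, "tenant-c").list_users(),
        # Raw row count shows the shared database really holds both tenants' rows
        "shared_rows": catalog.shared.execute("SELECT COUNT(*) FROM users").fetchone()[0],
    }
    try:
        open_repository(catalog, alice, "tenant-c")
        result["cross_tenant_rejected"] = False
    except PermissionError:
        result["cross_tenant_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The design point is that the tenant filter lives in one place (the repository) and is bound to the session's tenant, so a forgotten WHERE clause or a tampered tenant id in a request cannot widen the query; the dedicated model still gets the predicate as a second layer.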
Configuration and Secrets
- Tenant-specific configurations (settings, roles, items, OUs) are isolated.
- Sensitive secrets (Client IDs, Client Secrets, passphrases) are stored securely per Tenant or inherited from the Host.
- Independent user and role directories prevent cross-tenant identity leakage.
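As an added example (not DataCentral's code) of the inherit/override rule from section 1 together with the per-tenant secret handling above, the block below resolves which Entra ID app registration a tenant uses and fetches its client secret from a scoped secret store. The EntraApp structure, the SecretStore, the "scope:name" reference format and all ids and secret values are constructed for the illustration. Configuration holds only a reference to the secret, and a tenant override is rejected if it points at a secret scoped to a different tenant.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EntraApp:
    """An Entra ID app registration as stored in configuration. Only a reference
    to the client secret is kept here; the value lives in the secret store."""
    directory_id: str
    client_id: str
    secret_ref: str  # "<scope>:<name>", where scope is "host" or a tenant id


class SecretStore:
    """Hypothetical stand-in for a vault. Entries are namespaced by the scope that
    owns them, so a lookup on behalf of one tenant cannot reach another tenant's."""

    def __init__(self):
        self._vault = {}

    def put(self, scope, name, value):
        self._vault[f"{scope}:{name}"] = value

    def get(self, ref, for_tenant):
        scope = ref.split(":", 1)[0]
        if scope not in ("host", for_tenant):
            raise PermissionError(f"{for_tenant} may not read secrets scoped to {scope}")
        return self._vault[ref]


def effective_entra_app(host_app, tenant_overrides, tenant_id):
    """Inherit / override: a tenant's own registration wins, otherwise the Host's."""
    app = tenant_overrides.get(tenant_id, host_app)
    scope = app.secret_ref.split(":", 1)[0]
    # An override must reference the tenant's own secret. A Host-scoped reference
    # is only legitimate when the Host app itself is inherited.
    if app is not host_app and scope != tenant_id:
        raise ValueError(f"override for {tenant_id} references secret scope {scope}")
    return app


def client_credentials(host_app, tenant_overrides, store, tenant_id):
    """Resolve the (client_id, client_secret) pair to use for this tenant."""
    app = effective_entra_app(host_app, tenant_overrides, tenant_id)
    return app.client_id, store.get(app.secret_ref, for_tenant=tenant_id)


def demo():
    """Constructed scenario: A inherits, B overrides correctly, C is misconfigured."""
    store = SecretStore()
    store.put("host", "entra-secret", "HOST-SECRET-VALUE")    # constructed value
    store.put("tenant-b", "entra-secret", "TENANT-B-SECRET")  # constructed value
    host_app = EntraApp("host-directory", "host-client", "host:entra-secret")
    overrides = {
        "tenant-b": EntraApp("b-directory", "b-client", "tenant-b:entra-secret"),
        # Misconfigured override that tries to borrow tenant-b's secret
        "tenant-c": EntraApp("c-directory", "c-client", "tenant-b:entra-secret"),
    }
    result = {
        "tenant-a": client_credentials(host_app, overrides, store, "tenant-a"),
        "tenant-b": client_credentials(host_app, overrides, store, "tenant-b"),
    }
    try:
        client_credentials(host_app, overrides, store, "tenant-c")
        result["tenant-c"] = "allowed"
    except ValueError:
        result["tenant-c"] = "rejected"
    return result


if __name__ == "__main__":
    print(demo())
```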
4. Resilience and Scaling
The architecture is designed to scale securely:
- Multiple Service Principals: Tenants can configure several Power BI Service Principals for redundancy and cross-tenant access, which also spreads calls so that no single principal hits the API rate limits.
- Background Jobs: Asynchronous workers handle Entra ID group synchronization, task processing, and telemetry aggregation without impacting UI performance.
- Token Caching: Intelligent caching and batching reduce the number of API calls made to Power BI and Microsoft Graph.
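To make the service-principal and token-caching points concrete, here is an added example (not DataCentral's Embedding Service) that rotates across a tenant's configured Power BI service principals and caches embed tokens with an expiry margin. The cache key deliberately includes the tenant, the report, the user and the sorted RLS roles, so a token minted for one identity is never served to another identity or to another tenant that happens to use the same report id. The pool, the cache, the EmbeddingService class and the _request_embed_token stub (which records calls instead of contacting Power BI) are all constructed for the illustration, as are the ids.

```python
import itertools
import time


class ServicePrincipalPool:
    """Round-robin over the Power BI service principals a tenant has configured,
    so calls are spread across app registrations instead of hitting one limit."""

    def __init__(self, client_ids):
        if not client_ids:
            raise ValueError("tenant has no service principal configured")
        self._cycle = itertools.cycle(client_ids)

    def next(self):
        return next(self._cycle)


class EmbedTokenCache:
    """Caches embed tokens per (tenant, report, user, RLS roles). Entries are
    refreshed a safety margin before they expire so a client never receives a
    token that lapses mid-render."""

    def __init__(self, ttl_seconds, clock=time.monotonic, refresh_margin=60):
        self._ttl = ttl_seconds
        self._clock = clock
        self._margin = refresh_margin
        self._entries = {}  # key -> (token, expires_at)
        self.hits = 0
        self.misses = 0

    @staticmethod
    def key(tenant_id, report_id, user_id, rls_roles):
        return (tenant_id, report_id, user_id, tuple(sorted(rls_roles)))

    def get_or_create(self, key, create):
        now = self._clock()
        entry = self._entries.get(key)
        if entry and entry[1] - self._margin > now:
            self.hits += 1
            return entry[0]
        self.misses += 1
        token = create()
        self._entries[key] = (token, now + self._ttl)
        return token


class EmbeddingService:
    """Hypothetical glue around the cache and the pool. _request_embed_token stands
    in for the Power BI REST call and only records that a call was made."""

    def __init__(self, pools, cache):
        self.pools = pools  # tenant_id -> ServicePrincipalPool
        self.cache = cache
        self.api_calls = []  # (service_principal, tenant_id, report_id, user_id)
        self._seq = 0

    def _request_embed_token(self, sp, tenant_id, report_id, user_id, rls_roles):
        self._seq += 1
        self.api_calls.append((sp, tenant_id, report_id, user_id))
        roles = ",".join(sorted(rls_roles))
        return f"token{self._seq}:{sp}:{tenant_id}:{report_id}:{user_id}:{roles}"

    def embed_token(self, tenant_id, report_id, user_id, rls_roles):
        key = EmbedTokenCache.key(tenant_id, report_id, user_id, rls_roles)
        return self.cache.get_or_create(
            key,
            lambda: self._request_embed_token(
                self.pools[tenant_id].next(), tenant_id, report_id, user_id, rls_roles),
        )


def demo():
    """Constructed scenario with a controllable clock."""
    clock = [0.0]
    cache = EmbedTokenCache(ttl_seconds=3600, clock=lambda: clock[0])
    service = EmbeddingService(
        {"tenant-a": ServicePrincipalPool(["sp-a1", "sp-a2"]),
         "tenant-b": ServicePrincipalPool(["sp-b1"])},
        cache,
    )
    t1 = service.embed_token("tenant-a", "report-1", "alice", ["Sales"])
    t2 = service.embed_token("tenant-a", "report-1", "alice", ["Sales"])  # cache hit
    t3 = service.embed_token("tenant-a", "report-1", "bob", ["Sales"])    # other identity: miss
    t4 = service.embed_token("tenant-b", "report-1", "alice", ["Sales"])  # other tenant: miss
    clock[0] = 3600 - 30  # inside the refresh margin, so the entry is renewed early
    t5 = service.embed_token("tenant-a", "report-1", "alice", ["Sales"])
    return {
        "same_user_reused": t1 == t2,
        "other_user_distinct": t1 != t3,
        "other_tenant_distinct": t1 != t4,
        "refreshed_near_expiry": t5 != t1,
        "api_calls": len(service.api_calls),
        "principals_used": [c[0] for c in service.api_calls],
        "hits": cache.hits,
    }


if __name__ == "__main__":
    print(demo())
```

Keying the cache on the effective identity costs some hit rate compared with keying on roles alone, but it removes the possibility of one user's token reaching another user; the pool rotation and the early refresh are what keep the call volume to Power BI low.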