Skip to main content
Version: 8.8 (unreleased)

Configure multi-tenancy in Helm chart

Multi-tenancy lets you isolate users, data, and workloads across tenants (for example, business units, departments, or customers) within the same Camunda 8 cluster. This ensures separation while reducing infrastructure overhead by running multiple tenants on a shared installation.

This page explains how to configure multi-tenancy in both Management Identity and Orchestration Cluster Identity. It also shows the defaults, how to enable or enforce tenant checks, and how to resolve common issues.

Prerequisites

  • A running Camunda 8 Self-Managed deployment with authentication enabled.
note

Multi-tenancy requires authentication in the Orchestration Cluster Identity. If authentication is disabled, multi-tenancy does not work.

Configuration

Multi-tenancy behavior differs depending on the identity component:

  • Management Identity: Disabled by default. You must enable it. Once enabled, tenant checks are automatically enforced (all requests are validated against the active tenant configuration).

  • Orchestration Cluster Identity: Enabled by default, with a default tenant created. Tenant checks are not enforced unless explicitly enabled.

Parameters

values.yaml optiontypedefaultdescription
global.multitenancy.enabledbooleanfalse(Management Identity) Enable multi-tenancy globally.
orchestration.multitenancy.checks.enabledbooleanfalse(Orchestration Cluster Identity) Enforce tenant validation across requests.
orchestration.multitenancy.api.enabledbooleantrue(Orchestration Cluster Identity) Enable the multi-tenancy API for tenant management.

Example usage

Management Identity

Enable multi-tenancy in Management Identity:

global:
multitenancy:
enabled: true

Orchestration Cluster Identity

Enable tenant checks and the multi-tenancy API:

orchestration:
multitenancy:
checks:
enabled: true # Enforces tenant checks in all components
api:
enabled: true # Enables multi-tenancy API for tenant management
warning

Disabling multi-tenancy after it has been enabled can cause unexpected behavior if active tenants exist.