Skip to main content

Tenant System

Introducing the Tenant System

The term "Tenant" in the Katsu System is a broad term used to refer to a business or company, individual, vendor or service provider registered in the system. Upon successful registration, a tenant is assigned a distinct segment or space within the platform via the Tenant-enabling feature and can access any products/services in the registry to integrate them into their businesses.

Services/Products Available for Tenant Business Integration

After a complete onboarding process, a tenant can choose from the array of products and services in the Katsu System and provide it to its customers under its brand name. Katsu provides a catalogue of feature-rich products and services internally built into a public domain and accessible to the tenants through API endpoints. The products and services in the system that are available to the tenant include but are not limited to:

  • Wallet Services: A payment platform tenants can integrate with their existing applications to ease payment transactions.
  • Logistics Services: A delivery system for existing businesses to ease the transport of goods to aim for customer satisfaction.
  • Inventory Management System: A system to monitor a business' inventories and deduce beneficial insightful information that can be strategically implemented.
  • Trace (Commodity Management System)

The tenant can integrate any or all of these products/services in its business applications provided each product-specific requirement is satisfied.

Products/Services Integration Process

  • Tenant Onboarding (discussed in detail in the latter section).
  • KYB (Know Your Business) Verification: As a tenant, the nature of your business must be stated and submitted with verifiable claims before accessing any products/services in the system. This enables Sabi to provide accurate recommendations when the tenant needs a guide in selecting a product or service. It also helps Sabi comply with the business laws of the residing/operating country.
  • Product/Service Selection: Upon a successful KYB verification, the tenant is given access to the catalogue of products/services in the system to choose from. In the case of a choice clarity or guide, a tenant could reach out to Sabi support for guidance and recommendations.
  • API Integration: Sabi provides the tenant with the API endpoints of the selected products/services and the tenant proceeds to integrate them into its applications.
  • Customization and Mapping: Tenants can customize a selected product/service to their needs. Some services also come with configuration options, the process which the tenant can find in the documentation. After customization, the product/service is ready for use and mapped to the client

White-labelling

White-labelling is a form of tenant-specific customization and mapping. Sabi allows a tenant to adopt an existing product/service and fine-tune it to taste. The white-labelling process is outlined in detail below.

  • Tenant Onboarding
  • Theme Configuration: The tenant provides Sabi with specific theme configurations that align with its brand. This includes but is not limited to the desired colours, company logo, application UI and graphical posters, and other visual or aesthetic specifications.
  • Product Mapping: The tenant can decide to modify some functionalities in the selected products/Services, removing, adding, or updating existing functions to suit the expected outcome. After that, the theme and functionality configurations are mapped to the tenant in its distinct space in the registry. Sabi generates a unique product key specific to the tenant. The key is used in building the tenant-customized application.
  • Application Generation: With the generated unique product key, the Android (APK) and iOS (IPA) versions of the tenant's applications are built, and tailored to the tenant's specifications.
  • Delivery: The customised application versions are ready and delivered to the tenant after a series of conducted tests. The tenant can then upload the applications to their respective operating system (OS) stores—Google Play for Android and Apple Store for iOS.
  • End User Experience: The end users (customers) can install the version of the tenant's customised application specific to their device's OS and begin to use it. This way, the tenant takes full credit for the application while using the Sabi infrastructure in the background.

Tenant Onboarding

This is a crucial process requisite for any other operations the tenant can carry out in the Katsu System.

  • CRU Disable: Similar to CRUD operations but with the "D" being for Disable, rather than Delete. Tenants can create, read, upload, and disable their profile and business information.
  • Key Pair Generation: Sabi generates a unique set of keys for the tenant to secure its access and operations within the system. The key gives the tenant access to their defined space within the system.
  • Tenant-specific Configurations: Sabi allows the tenants to configure their settings and preferences within the Katsu System. With this, the tenant defines how its company space in the registry is. These tenant-specific configurations are unique and not shared among other tenants.
  • Assigning Products/Services to Tenants and Setup Key Rotation Period: Setting up and scheduling periodic key rotations for security and assigning specific products and services to a tenant.

After the onboarding process is completed, the tenant can access any products and services in the Katsu System, select any of its choices, and integrate it with its application(s).

Payment Modes Configuration

A tenant can configure payment modes for 2 primary use cases.

  • Service/Product Selection: For a tenant that offers multiple services/products to its users on a payment basis, Sabi offers a configuration option for selected paid products/services. It could be one of many or all.
  • Subscription Plan: On a subscription basis, tenants can have their products/services configured for different subscription plans and restrict access to certain features based on the user-selected plan.

Key Management

Setup Key Rotation for Services & Products Assigned to a Tenant

This use case involves configuring key rotation policies for services and products assigned to a tenant to ensure that cryptographic keys are regularly refreshed, thus enhancing security.

Steps

  1. Define key rotation intervals for service keys, tenant service keys, and tenant product keys.
  2. Implement mechanisms to automatically rotate keys based on the defined intervals.
  3. Ensure that new keys are generated and deployed seamlessly without disrupting service availability.
  4. Notify key owners (tenants, services, and products) upon key rotation completion.

Setup Notification to Get the Latest Keys Rotated

This use case involves setting up notifications to inform key owners (tenants, services, and products) when keys are rotated, ensuring they have access to the latest cryptographic keys for secure communication.

Steps

  1. Implement a notification system to alert key owners about upcoming key rotations.
  2. Send notifications to key owners upon successful key rotation.
  3. Include relevant information such as key type, rotation status, and expiry date in the notifications.

Get the Latest Key for a Service

This use case involves retrieving the latest cryptographic key for a specific service, ensuring seamless authentication and authorization during inter-service communication.

Steps

  1. Develop an API endpoint to fetch the latest service key based on the service identifier.
  2. Authenticate the requester to ensure authorized access to the service key.
  3. Return the latest service key to the requester for use in communication with other services.

Generate Key Pair for Tenant Key Management and Rotation

This use case involves generating cryptographic key pairs for tenant key management and rotation, enabling secure management of keys and facilitating key rotation processes.

Steps

  1. Implement key pair generation algorithms to create public-private key pairs for tenant key management.
  2. Store the generated key pairs securely to prevent unauthorized access.
  3. Utilize the key pairs for encrypting and decrypting sensitive information related to key management and rotation.

Theming Product and Service Configuration Technical Documentation

The Theming Product and Service Configuration feature enables the setup and management of configurations for products and services within the system. It allows for the customization and fine-tuning of product and service settings, metrics, and keys, ensuring seamless integration and usage by tenants and services.

Key Concepts

  • Product Configuration: Dynamic settings and parameters specific to each product, allowing customization and integration with tenant systems. Product configurations include webhook URLs, header keys, and notification preferences.
  • Service Configuration: Dynamic configurations unique to each service, enabling fine-tuning and integration with tenant systems. Service configurations include setup details, usage metrics, and key rotation settings.

Theming Product Use Cases

Onboard Product (CRU Disable)

This use case involves onboarding a new product into the system, configuring its settings, and ensuring seamless integration with tenant systems.

Steps

  1. Create a new product record in the system with relevant details such as name, description, and version.
  2. Configure product settings including theming options, branding, and default configurations.
  3. Disable or enable CRUD operations based on the product's requirements and permissions.

Setup Product Configuration

This use case involves configuring dynamic settings for a product, such as webhook URLs, header keys, and notification preferences, to customize its behaviour and integration with tenant systems.

Steps

  1. Provide a user interface for administrators to input and update product configurations.
  2. Store product configurations securely in the system database.
  3. Ensure that changes to product configurations are reflected in real-time for tenants and services.

Setup Product Metrics

Description: This use case involves configuring metrics and reporting functionalities for a product to track usage, performance, and other relevant data.

Steps

  1. Define key metrics and performance indicators relevant to the product's functionality and goals.
  2. Implement tracking mechanisms to collect and analyze product usage data.
  3. Generate reports and visualizations to present product metrics to administrators and stakeholders.

Generate Product Key Pair When Mapped to a Tenant

This use case involves generating cryptographic key pairs for a product when mapped to a tenant, ensuring secure communication and access control.

Steps

  1. Generate a unique key pair for the product-tenant relationship using cryptographic algorithms.
  2. Store the generated key pair securely in the system, associating it with the respective product and tenant.
  3. Ensure the generated key pair is accessible to authorized users for secure communication.

Assign Service to a Product

This use case involves linking a service to a specific product, enabling seamless integration and usage within the product ecosystem.

Steps

  1. Associate the service with the relevant product in the system database.
  2. Ensure that necessary configurations and permissions are applied to the service within the context of the product.
  3. Facilitate communication and data exchange between the service and the product as per the defined integration guidelines.

Setup Notification to Get the Latest Keys Rotated

This use case involves setting up notifications to inform administrators and stakeholders about the rotation of cryptographic keys for products, ensuring seamless security management.

Steps

  1. Implement a notification system to alert administrators and stakeholders about upcoming key rotations.
  2. Send notifications with relevant details such as key type, rotation status, and expiry date.
  3. Ensure that key rotation notifications are delivered promptly to facilitate necessary actions.

Service Use Cases

Onboard Service (CRU Disable) and Generate its Register Key Pair

Description: This use case involves onboarding a new service into the system, configuring its settings, and generating cryptographic key pairs for secure communication.

Steps

  1. Create a new service record in the system with relevant details such as name, description, and version.
  2. Configure service settings including authentication methods, endpoints, and permissions.
  3. Disable or enable CRUD operations based on the service's requirements and permissions.
  4. Generate a unique key pair for the service registration using cryptographic algorithms.
  5. Store the generated key pair securely in the system, associating it with the respective service.

Setup Service Configuration

This use case involves configuring dynamic settings for a service, such as authentication methods, endpoints, and usage metrics, to customize its behaviour and integration with tenant systems.

Steps

  1. Provide a user interface for administrators to input and update service configurations.
  2. Store service configurations securely in the system database.
  3. Ensure that changes to service configurations are reflected in real-time for tenants and products.

Setup a Service Usage Metrics & Report

This use case involves configuring metrics and reporting functionalities for a service to track usage, performance, and other relevant data.

Steps

  1. Define key metrics and performance indicators relevant to the service's functionality and goals.
  2. Implement tracking mechanisms to collect and analyze service usage data.
  3. Generate reports and visualizations to present service metrics to administrators and stakeholders.

Generate a Service Key Pair When Mapped to a Tenant (Service Suite)

This use case involves generating cryptographic key pairs for a service when mapped to a tenant, ensuring secure communication and access control within the service suite.

Steps

  1. Generate a unique key pair for the service-tenant relationship using cryptographic algorithms.
  2. Store the generated key pair securely in the system, associating it with the respective service and tenant.
  3. Ensure the generated key pair is accessible to authorized users for secure communication within the service suite.

Setup Key Rotation Assigned to a Service that is Registered

This use case involves configuring key rotation policies for registered services to ensure that cryptographic keys are regularly refreshed for enhanced security.

Steps

  1. Define key rotation intervals and policies for registered services.
  2. Implement mechanisms to automatically rotate keys based on the defined intervals.
  3. Ensure that new keys are generated and deployed seamlessly without disrupting service availability.

Setup Notification to Get the Latest Keys Rotated

This use case involves setting up notifications to inform administrators and stakeholders about the rotation of cryptographic keys for services, ensuring seamless security management.

Steps

  1. Implement a notification system to alert administrators and stakeholders about upcoming key rotations.
  2. Send notifications with relevant details such as key type, rotation status, and expiry date.
  3. Ensure that key rotation notifications are delivered promptly to facilitate necessary actions.

Configuration

Upon registry of service to the registry system, the system needs to provide a route for services to register and provide their service configuration dynamically. This configuration includes details such as webhook URLs, header keys, and notification preferences, allowing seamless integration and customization for tenants.

Steps

  1. Develop an API endpoint for services to register and provide their configurations dynamically.
  2. Define the required configuration parameters and validation rules.
  3. Store service configurations securely in the system database.
  4. Ensure that changes to service configurations are reflected in real-time for tenants and products.
  5. Provide secure access controls to manage and update service configurations as needed.

Key Management and Rotation Technical

The Key Management and Rotation feature within the system facilitate the generation, management, rotation, and monitoring of cryptographic keys for services, tenants, and products. It ensures the security and integrity of communications and access control within the system.

Key Concepts

  • Key System: A comprehensive system for managing cryptographic keys for services, tenants, products, and their relationships. The system supports CRUD (Create, Read, Update, Delete) operations for keys.
  • Key Rotation: The process of periodically refreshing cryptographic keys to enhance security and prevent unauthorized access. Key rotation periods can be defined based on time intervals (days, months, weeks, years).
  • Key Status: The status of cryptographic keys, including active, inactive, and rotated, to track their lifecycle and usage.
  • Key Error Monitoring: Monitoring mechanisms to detect and handle errors related to key management and rotation processes.
  • Key History Metrics: Metrics and reports tracking key usage and history per product, service, and tenant, providing insights into key management activities.

Setup a Key System for Service and Tenant, Product, Tenant_Service, Tenant_Product (CRUD)

This use case involves setting up a comprehensive key system to manage cryptographic keys for services, tenants, products, and their relationships, allowing CRUD operations for key management.

Steps

  1. Design and implement a robust key management system to handle cryptographic keys for various entities.
  2. Provide APIs and interfaces for creating, retrieving, updating, and deleting keys.
  3. Implement access controls and permissions to regulate key management operations based on user roles and responsibilities.
  4. Ensure data integrity and security by employing encryption and access control measures for key storage and retrieval.

Setup Key Rotation Period Based on the Owner (Key Rotation Value - 1 - 52) Type = Days, Months, Weeks, Years

This use case involves configuring key rotation periods based on the owner's (service, product, tenant) preferences, allowing flexible key rotation schedules.

Steps

  1. Define key rotation intervals (1 - 52) for services, products, and tenants based on their security requirements and compliance standards.
  2. Implement a scheduling mechanism to trigger key rotation processes at specified intervals (e.g., days, months, weeks, years).
  3. Ensure that key rotation schedules are customizable and adjustable based on evolving security needs and regulations.

Deactivate and Activate a Key by Owner (Service, Product & Tenant)

This use case involves enabling administrators to deactivate and activate cryptographic keys for services, products, and tenants, providing control over key usage and access.

Steps

  1. Implement functionality to deactivate and activate keys based on owner (service, product, tenant) requests or system policies.
  2. Update key status in the database to reflect changes in activation status (active, inactive).
  3. Ensure that deactivated keys are no longer valid for authentication and authorization purposes, maintaining system security.

Key Error Monitoring

This use case involves monitoring key management processes for errors and anomalies to ensure system reliability and security.

Steps

  1. Implement error monitoring mechanisms to detect issues related to key generation, rotation, and usage.
  2. Set up alerts and notifications to inform administrators about key management errors and anomalies.
  3. Log error details for analysis and troubleshooting purposes, enabling timely resolution of key-related issues.

Key History Metrics per Product, Service, Tenant

This use case involves tracking key usage and history metrics per product, service, and tenant, providing insights into key management activities and usage patterns.

Steps

  1. Capture key-related metrics such as creation date, rotation date, activation status, and usage statistics.
  2. Store key history data in a centralized database for easy retrieval and analysis.
  3. Generate reports and visualizations to present key history metrics to administrators and stakeholders, facilitating informed decision-making and auditing processes.

Setup Notification to Get Latest Keys Rotated

This use case involves configuring notifications to inform administrators and stakeholders about key rotation events, ensuring timely awareness and action.

Steps

  1. Implement a notification system to alert administrators and stakeholders about upcoming key rotations.
  2. Send notifications with relevant details such as key type, rotation status, and expiry date.
  3. Ensure that key rotation notifications are delivered on time via email, SMS, or in-app notifications.