Single Tenant Vending Form
3 min read
To start setting up a single tenant, the following questions around compliance, tenant properties and capacity planning have to be answered.
Needed as per upfront (& signed LOI or contract as well as NDA) are blockers to start the setup. The remaining items have a roadmap impact but setups can be started beforehand.
Area | Needed as per | Clarification | Options | Further information |
|---|---|---|---|---|
Compliance | Upfront | Where can the Unique employees maintain the solution be from? |
| From which locations is Unique allowed to access the single tenant to provide support. |
Compliance, Data Residency | In which Azure region should the primary deployment reside? |
| https://azure.microsoft.com/en-us/explore/global-infrastructure/geographies/#overview | |
Which Azure regions could be used for any OpenAI or LLM interactions? |
| More regions = more flexibility and potentially better quality. Check regions for OpenAI Models here: https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models | ||
Compliance, Email Data Sub-processing | How and if would you like the IDP from Unique AI to communicate with you? |
| See Outgoing notifications below | |
Tenant Settings, Domain | Which |
| You can select your subdomain yourselves. The self-selected URL must at least be 4 characters long and should not exceed a human readable length otherwise no one can type that. The format is always The name must not be generic like You must consent in written form that this URL will appear in Uniques code base as part of the Infrastructure/Configuration as Code. The URL can’t be changed afterwards without significant effort (timeline and monetary impact). | |
Tenant Settings, Tab Name | Anytime, the earlier the better |  Tab Name | _________________________ | |
Tenant Settings, Theme | You can change the theme anytime later on. It though makes sense to start early so the tenant can be presented from start in the desired appearance. | |||
Tenant Settings, Feature Flags and Settings | Get in touch with your SPOC to define certain behavior up front. | You find various product options in https://unique-ch.atlassian.net/wiki/pages/createpage.action?spaceKey=PUBDOC&title=Unique%20for%20Administrators, feel free to request certain administrative configurations up front to ease your start. | ||
Tenant Settings, SSO | If you want to bring your own SSO or SAML, prepare the information and credentials as early as possible with your central team(s). |
| Unique leverages Zitadel as its IDP - that means all Identity Providers from Zitadel are supported. | |
Tenant Settings, IP-Blocking | If IP-Blocking is desired, please provide all IPs or Ranges (CIDR) | See below. | ||
Tenant Settings, Multiple Orgs | If the to be configured IDP should sport multiple organizations, let the Unique Point Of Contact know so that can be prepared. | SSO can only be tied to one organization. But for testing, development or quality purposes more organizations with username, password (or SSO but another domain) can be configured. |
Further options
Outgoing notifications
If the client would like that our IDP sends out e-mails (for sign-up confirmations, 2FA with e-mail, password change links etc.), they must either trust the @unique.ai e-mail domain as we will send them via our mail server or they must provide a valid SMTP configuration themselves in an encrypted way to us.
Unique does not host e-mail services, there are enough out there to do so.
IP-Blocking
Unique Single Tenants can be isolated using IP-Filtering on the Application Gateway. This option shall be considered carefully as it has a functionality as well as monetary impact. Approach your SPOC to discuss this option.
Unique Employees (Support or Solution Engineering) will be allow-listed using Uniques VPN and Office Outbound IP-Addresses.