Summary
Teach users how to deploy a single agent instance serving multiple tenants with hard data isolation boundaries. Multi-tenancy is essential for shared enterprise platforms where different teams or customers must not see each other's data.
Course Section Outline
- Why multi-tenancy matters for shared enterprise deployments — cost efficiency with isolation guarantees
- OIDC-based tenant extraction — reading tenant identity from JWT claims
- Configuring tenant claim paths in agent.yaml
- Postgres Row-Level Security setup — policies, tenant column conventions, migration patterns
- Per-tenant rate limiting — preventing one tenant from starving others
- Per-tenant budgets — independent cost tracking and chargeback
- Testing tenant isolation — verifying cross-tenant queries return nothing
- FIPS considerations for JWT validation — RS256/ES256 only, no HS256
Lab Exercise
Configure two tenants via OIDC claims. Create sessions and conversations under each tenant identity. Verify hard isolation by querying from one tenant and confirming zero visibility into the other tenant's sessions, traces, and feedback data.
Companion Issues
Companion issues filed on fips-agents/agent-template, fips-agents/gateway-template, fips-agents/ui-template, and fips-agents/fips-agents-cli.
Size
M
Summary
Teach users how to deploy a single agent instance serving multiple tenants with hard data isolation boundaries. Multi-tenancy is essential for shared enterprise platforms where different teams or customers must not see each other's data.
Course Section Outline
Lab Exercise
Configure two tenants via OIDC claims. Create sessions and conversations under each tenant identity. Verify hard isolation by querying from one tenant and confirming zero visibility into the other tenant's sessions, traces, and feedback data.
Companion Issues
Companion issues filed on fips-agents/agent-template, fips-agents/gateway-template, fips-agents/ui-template, and fips-agents/fips-agents-cli.
Size
M