Managing Tenants

PAM-Pro's multi-tenant architecture allows a single "Shared Brain" to govern multiple isolated "Private Bodies" (client Azure environments). Use the Tenant Management dashboard to onboard and manage these boundaries.

1. Provision a New Tenant

In the Master Console, click "Add Strategic Tenant". You will be prompted to provide the client's unique Microsoft Entra Tenant ID and a Primary Administrative Alias.

2. Dispatch Onboarding Request

The system will generate a secure onboarding invitation. This contains the required App Registration manifest that the client must execute within their own Azure portal to establish the secure service principal relay.

3. Verify Tenant Health

Once the client completes the App Registration, their environment status will pivot to "Connected". You can now remotely monitor their JIT requests and rotation compliance from your unified master dashboard.

4. De-provisioning

To safely offboard a client, select the tenant and click "Terminate Governance". This action gracefully disconnects the service principal relay and prunes the cached metadata from the Master Registry.

Note: De-provisioning a tenant does not delete the client's WORM logs within their own Azure storage. Those remain governed by the client's internal retention policy.