FINBOURNE offers single and multi-tenant hosting options, both of which use an Okta implementation as the identity provider. By default, all evaluation LUSID accounts are hosted using a shared multi-tenant LUSID environment. To discuss how to set a single tenant LUSID environment, please contact us at email@example.com.
In the single tenant hosting option, each client has its own LUSID environment and its own corresponding Okta tenant. Users are imported into the FINBOURNE Okta tenant from the client source and use federated authentication against Okta using OpenID Connect.
In the multi-tenant hosting option clients can share a LUSID environment (with appropriate access controls restricting access to data) and share an Okta tenant. Authentication can be federated against a client provider or managed by FINBOURNE.
Please note, all data is partitioned using a client identifier to ensure there is no cross contamination of client data within a multi-tenant LUSID environment. The client identifier is set at a client organisation level for all users and the client has no ability to change or submit alternate identifiers as part of any request.