Looking for up-to-date Help documentation? Documentation for the latest releases of Totara is now available at totara.help!

Visit the new Help site

On this page

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space THM and version 13

...

If required you can click Preview to see how your uploaded data will look. After uploading your file check the Tenant participants page to see the users you have uploaded.

Note

When using the tenant user upload method it is not possible to update the authentication method. 

Upload users (Site Administrator)

...

Note

In a single tenant you can have members and participants in one or many roles.

...

When a tenant is created an audience is created containing all tenant users (both members and participants). If additional users are later added to the tenant they will be automatically added to this audience. Users are also automatically removed from the audience if they are no longer a tenant member or participant.

The default audience is created at the category level, not the system level. If you wish to create sub-groups of tenant members, you can create a dynamic audience at the system level using Tenant Member as a rule.

Note

Note that applications of dynamic audiences with multitenancy could cause issues, as you might accidentally assign visibility of a course from one tenant to users from another tenant, or enrol users in courses from the wrong tenant. If you do decide to set up your own dynamic audiences, be careful when setting rules and assigning learning.

In order to manage the Rules tab for a dynamic audience the Tenant Domain Manager (or another role you choose) will need to be given the totara/cohort:managerules capability.

Isolation mode

One additional feature you may want to enable is Tenant isolation. When isolation is not enabled users will be visible across your tenants, making it easier to share content between tenants. This means that site-wide content is visible regardless of the tenant. However when isolation mode is enabled the content and users in each tenant are completely separate from other tenants. For example, when isolation is turned on users in one tenant will only see course catalogue items for their tenant.

You can turn isolation mode on by navigating to Quick-access menu > Development > Experimental > Experimental settings, then check the Enable tenant isolation setting.

Warning

Tenant isolation is an experimental setting, meaning it has not been widely tested for all use cases. We recommend you use a test server for testing experimental features before enabling them on your production site.

Please note that when tenant isolation is enabled legacy performance management functionality and learning plans will not be available.

The Enable tenant isolation setting in experimental settings.Image Removed

Reporting

By default Tenant User Managers and Domain Managers do not have the required permissions to create new user reports. However, global Site Administrators can create and share reports to use for your tenants.

When creating or editing a report you can choose to limit the content of the report based on tenants. To do this follow these steps:

  1. Create a new report or edit an existing one.
  2. Navigate to the Content tab.
  3. To limit the users included in the report to those in the user's tenant, scroll down to the Enforce user visibility restrictions section and enable the Show records based on user visibility rules setting.
  4. To limit the content of the report, scroll down to the Enforce sitewide visibility restrictions section and enable the Show records based on audience, course and workspace visibility restrictions setting.
  5. Configure the other settings as required, then select Save changes.

When this setting is enabled tenant members can only see records for members of their tenant in reports, meaning report data is relevant and report data is not leaked across tenants.

Widget Connector
width534
urlhttps://www.youtube.com/watch?v=eCKHK0AwE2g
height300

Courses and categories

When you create a new tenant you will also create a new category for that tenant. This is intended to be the location of any courses, programs and certifications created for tenant members. 

You can create, edit and manage categories for a tenant in the same way you would at the system level in Totara.

Please see the courses documentation and categories pages for more information on using these features. 

The tenant administration block showing the category and a sub-category.Image Removed

Tip

If you want a course to be available to users in all tenants on your site you can add it to a system-level category. If required you could create a specific category for this purpose.

Adding a course to a tenant (Tenant Domain Manager)

  1. As a Tenant Domain Manager for a single tenant, go to Quick-access menu > Courses and categories, then skip to step 4. If you are a Tenant Domain Manager for multiple tenants then navigate to the appropriate tenant dashboard from the Dashboards block.
  2. From the Administration block go to [tenant name] > Manage this category.
  3. Select the tenant to which you would like to add a course.
  4. Under the tenant category, select Create new course
  5. Complete the required fields, then select either Save and return or Save and display.
Tip

For more information on setting up your course, see the courses documentation.

Partially supported features

Although many features are well supported for multitenancy in Totara, some currently have limitations. We are constantly working to improve multitenancy and enable more features. 

The following Totara features currently have limited multitenancy support, meaning they will work but some aspects might not, or may be limited in how you can apply them. 

Audiences

There is multitenancy support for audiences, however some underlying features are currently not enabled.

As a Tenant Domain Manager you will not be able to see the Enrolled learning tab when managing an audience in your tenant. This is because the Tenant Domain Manager role does not have appropriate permissions (as some of the underlying features are not fully supported by multitenancy), which could result in the leaking of permissions and access. We are working to implement these features in a future version of Totara. 

Dashboards

Currently dashboards are supported with multitenancy but with some limitations. As a Tenant Domain Manager or Tenant User Manager you cannot edit your tenant dashboard. We are currently working on allowing Tenant User Managers to edit their tenant dashboard. 

Unsupported features

At Totara we are always working to improve our platform and your experience. With that in mind we are currently working on expanding multitenancy support. 

Currently some features across the Totara Talent Experience Platform do not support multitenancy. These features may not interact well with multitenancy instances, or may not allow you to add restrictions as you wish. These features include:

  • HR import: Can be used to add users as members (single tenancy) and participant (one or multiple tenancies). HR Import is still a centralised feature meaning it can't be used by tenant roles.
  • BadgesTenant roles can only manage course badges. System badge management is currently limited to system level roles.
  • MessagingWhen isolation is off there's no hard restriction on users messaging cross-tenancies. With isolation turned on, tenant members only see users from their own tenancy.
  • Job assignmentJob assignments can only be managed by system level roles.
  • Learning plans (requires Totara Learn): Learning plans templates can only be managed by system level roles.
  • Legacy 360 feedback: This feature is outdated and has no multitenancy support 
  • Goals (requires Totara Perform): Tenant members cannot use the goals functionality with strict isolation turned on.
  • OrganisationsOrganisation frameworks are a system level feature meaning they can only be managed centrally by system level roles. There's no way to connect organisations to tenancies.
  • Positions: Position frameworks are a system level feature meaning they can only be managed centrally by system level roles. There's no way to connect positions to tenancies.
  • Login as: Tenant members cannot use login as functionality at the moment. However, site-level roles can use login as functionality with all users in the system.

...

Change tenant membership with HR import

You can manage your tenants' members and participants using HR import. This is done using the User HR import source and the tenantmember and tenantparticipant columns. These columns contain the tenant ID(s) of the tenants for which each user should be a participant or member. 

To remove a tenant member and add them as a tenant participant, follow these steps:

  1. Include the tenant member (tenantmemberand tenant participant (tenantparticipant) columns in the HR import file.
  2. Add a blank value in the tenant member (tenantmembercolumn.
  3. Add the comma-separated list of tenant ID(s) in the tenant participant (tenantparticipant) column.
  4. Upload the file following the HR import instructions.

Ensure that the user element setting Empty string behaviour in CSV is set to CSV Empty strings erase existing data. To ensure that data is not unintentionally deleted you will need to check that all required fields have values in the HR import file.

Tenant audiences
Anchor
tenantaudiences
tenantaudiences
 

When a tenant is created an audience is created containing all tenant users (both members and participants). If additional users are later added to the tenant they will be automatically added to this audience. Users are also automatically removed from the audience if they are no longer a tenant member or participant.

The default audience is created at the category level, not the system level. If you wish to create sub-groups of tenant members, you can create a dynamic audience at the system level using Tenant Member as a rule.

Note

Note that applications of dynamic audiences with multitenancy could cause issues, as you might accidentally assign visibility of a course from one tenant to users from another tenant, or enrol users in courses from the wrong tenant. If you do decide to set up your own dynamic audiences, be careful when setting rules and assigning learning.

In order to manage the Rules tab for a dynamic audience the Tenant Domain Manager (or another role you choose) will need to be given the totara/cohort:managerules capability.

Isolation mode

One additional feature you may want to enable is Tenant isolation. When isolation is not enabled users will be visible across your tenants, making it easier to share content between tenants. This means that site-wide content is visible regardless of the tenant. However when isolation mode is enabled the content and users in each tenant are completely separate from other tenants. For example, when isolation is turned on users in one tenant will only see course catalogue items for their tenant.

You can turn isolation mode on by navigating to Quick-access menu > Development > Experimental > Experimental settings, then check the Enable tenant isolation setting.

Warning

Tenant isolation is an experimental setting, meaning it has not been widely tested for all use cases. We recommend you use a test server for testing experimental features before enabling them on your production site.

Please note that when tenant isolation is enabled legacy performance management functionality and learning plans will not be available.

The Enable tenant isolation setting in experimental settings.Image Added

Reporting

By default Tenant User Managers and Domain Managers do not have the required permissions to create new user reports. However, global Site Administrators can create and share reports to use for your tenants.

When creating or editing a report you can choose to limit the content of the report based on tenants. To do this follow these steps:

  1. Create a new report or edit an existing one.
  2. Navigate to the Content tab.
  3. To limit the users included in the report to those in the user's tenant, scroll down to the Enforce user visibility restrictions section and enable the Show records based on user visibility rules setting.
  4. To limit the content of the report, scroll down to the Enforce sitewide visibility restrictions section and enable the Show records based on audience, course and workspace visibility restrictions setting.
  5. Configure the other settings as required, then select Save changes.

When this setting is enabled tenant members can only see records for members of their tenant in reports, meaning report data is relevant and report data is not leaked across tenants.

Widget Connector
width534
urlhttps://www.youtube.com/watch?v=eCKHK0AwE2g
height300

Courses and categories

When you create a new tenant you will also create a new category for that tenant. This is intended to be the location of any courses, programs and certifications created for tenant members. 

You can create, edit and manage categories for a tenant in the same way you would at the system level in Totara.

Please see the courses documentation and categories pages for more information on using these features. 

The tenant administration block showing the category and a sub-category.Image Added

Tip

If you want a course to be available to users in all tenants on your site you can add it to a system-level category. If required you could create a specific category for this purpose.

Adding a course to a tenant (Tenant Domain Manager)

  1. As a Tenant Domain Manager for a single tenant, go to Quick-access menu > Courses and categories, then skip to step 4. If you are a Tenant Domain Manager for multiple tenants then navigate to the appropriate tenant dashboard from the Dashboards block.
  2. From the Administration block go to [tenant name] > Manage this category.
  3. Select the tenant to which you would like to add a course.
  4. Under the tenant category, select Create new course
  5. Complete the required fields, then select either Save and return or Save and display.
Tip

For more information on setting up your course, see the courses documentation.

Partially supported features

Although many features are well supported for multitenancy in Totara, some currently have limitations. We are constantly working to improve multitenancy and enable more features. 

The following Totara features currently have limited multitenancy support, meaning they will work but some aspects might not, or may be limited in how you can apply them. 

Audiences

There is multitenancy support for audiences, however some underlying features are currently not enabled.

As a Tenant Domain Manager you will not be able to see the Enrolled learning tab when managing an audience in your tenant. This is because the Tenant Domain Manager role does not have appropriate permissions (as some of the underlying features are not fully supported by multitenancy), which could result in the leaking of permissions and access. We are working to implement these features in a future version of Totara. 

Dashboards

Currently dashboards are supported with multitenancy but with some limitations. As a Tenant Domain Manager or Tenant User Manager you cannot edit your tenant dashboard. We are currently working on allowing Tenant User Managers to edit their tenant dashboard. 

Unsupported features

At Totara we are always working to improve our platform and your experience. With that in mind we are currently working on expanding multitenancy support. 

Currently some features across the Totara Talent Experience Platform do not support multitenancy. These features may not interact well with multitenancy instances, or may not allow you to add restrictions as you wish. These features include:

  • HR import: Can be used to add users as members (single tenancy) and participant (one or multiple tenancies). HR Import is still a centralised feature meaning it can't be used by tenant roles.
  • BadgesTenant roles can only manage course badges. System badge management is currently limited to system-level roles.
  • MessagingWhen isolation is off there's no hard restriction on users messaging cross-tenancies. With isolation turned on, tenant members only see users from their own tenancy.
  • Job assignmentJob assignments can only be managed by system-level roles.
  • Learning plans (requires Totara Learn): Learning plans templates can only be managed by system-level roles.
  • Legacy 360 feedback: This feature is outdated and has no multitenancy support. 
  • Goals (requires Totara Perform): Tenant members can use goals with isolation turned on, but cannot view company goal details or the associated goal frameworks. Tenant users can create personal goals for themselves or their team. Goal frameworks can only be managed at the system level.
  • OrganisationsOrganisation frameworks are a system-level feature meaning they can only be managed centrally by system-level roles. There's no way to connect organisations to tenancies.
  • Positions: Position frameworks are a system-level feature meaning they can only be managed centrally by system-level roles. There's no way to connect positions to tenancies.
  • Login as: Tenant members cannot use login as functionality at the moment. However, site-level roles can use login as functionality with all users in the system.
  • Competencies: Competencies can only be managed by system-level roles, and cannot be restricted to specific tenants.
  • Seminar resources (assets, rooms, facilitators): Seminar assets, rooms and facilitators can only be managed by system-level roles, and will be available to users setting up seminar activities in all tenants.
  • Tags: Tags are created and managed at the system level, and cannot be restricted to individual tenants. Tags can only be managed by system-level roles.
  • Authentication methods: Authentication methods can only be enabled, disabled and configured at the site-level, meaning they will be available for all tenants if set up. Authentication methods can only be configured by users with relevant roles at the system level.
  • System and plugin settings: Any system or plugin settings will apply to all tenants. These settings can only be configured by users with relevant roles at the system level.

Multitenancy use cases
Anchor
multitenancyuses
multitenancyuses

In this section we have suggested several possible use cases for multitenancy. These are just examples - multitenancy can be a valuable addition for a wide range of organisational structures. Note that the setup and configuration for these use cases will be broadly similar.

Multiple groups within an organisation

...