Following are the best practices that you should follow while configuring the distributed managed service provider model for multi-tenancy in your environment
- On the master node, you should edit your template (SVT) in modules that are being replicated from the tenant nodes so that you include the Tenant field on
To edit the SVT, navigate to the module for which you want to update the SVT, for example,
Alerts, open a record and click Edit Template. On the
Template Editing Mode Enabledpage, in the appropriate widget, such as
Form Group Detailsclick Edit, and add the
Tenantfield ensuring that this field has been marked as a Required field and then click Add. Click Save to save your changes to the SVT.
- SOC analysts at the master node must at the minimum have
Readaccess for the
Tenantsmodule so that they can investigate any incidents that might occur at the tenant node.
- To assign a team to a tenant, on the master node, edit the tenant record on the tenant's page. In the detail view of the tenant record, add or link a team. Once a team is assigned, the records from that tenant will automatically be assigned to that team.
- If you are creating a record on the master node, ensure that you assign that record to the appropriate tenant.
Important: Once a tenant is assigned to a record, the assignment of that record cannot be changed. If you require to change the assignment of that record, then you must delete the record and re-assign the record correctly.
- Once playbooks that contain On Update, On Create, or Custom API Endpoint triggers are pushed to the tenant they should be deactivated at the master node. Otherwise, the playbook will be triggered at both the nodes.
- On the tenant node, disable the FortiSOAR system playbooks in the System Notification and Escalation Playbooks collection, except for the Notify Playbooks, and disable all the playbooks in the SLA Management Playbook collection.