MFA Tenant Guide
This page belongs exclusively to the domain manager, who has the ability to create and manage manager roles.
There are two Tenant sections:
- Manage: page to manage domains and managers;
- Active Directory: page to manage Active Directory.
The panel on figure 2 shows how many users have been enabled and the limit of users who can be enabled.
The panel on figure 3 shows the tenant expiration date. After this expiration date, both tenant and all users managed by the tenant will no longer be able to access the resources protected by MFA.
Manage roles
In this panel the Tenant can create a role by clicking the button 
and entering:
- Role: name that uniquely identifies the role;
- Description: role description.
Once a role has been entered, it is possible to modify its description by clicking the pencil icon 
or to delete it by clicking on the trash can icon 
.
Manage domains
In this panel the Tenant can add a domain that he manages by clicking the button and entering:
- Domain: domain name;
- Description: domain description;
- Activation code: it is used to verify that the Tenant is the person who actually manages that domain. The code entered must be the same as the code of the rewrite header rule inserted in Oplon ADC;
- Company color: color interface of login page;
- Company icon URL: use an image URL to substitute the oplon logo on the login page.
Once a domain has been entered, it is possible to modify its description by clicking the pencil icon or to delete it by clicking on the trash can icon .
Manage roles domains
In this panel the Tenant can associate a role to a domain by clicking the button and entering:
- Role: name that uniquely identifies the role;
- Domain: domain name.
Once a domain-role has been entered, it is only possible to delete it by clicking the trash can icon .
NB: A role can manage multiple domains.
Manage users roles
In this panel the Tenant can associate a user to a role by clicking the button and entering:
- Username: username;
- Role: name that uniquely identifies the role.
At this point, the user to whom a role has been associated will have the possibility to access an additional page to manage the permissions and requests for the domain permissions associated with that role.
Once a user-role has been entered, it is only possible to delete it by clicking the trash can icon .
Clicking the button 
shows the manager's reports.
Report tenant
Clicking on REPORT, it will be displayed a table with all operation executed by your account as Tenant:
- Add, delete, modify table Manage roles;
- Add, delete, modify table tabella Manage domains;
- Add, and delete table Manage roles domains;
- Add, and delete table Manage users roles.
Active Directory
Manage Active Directory
In this panel the Tenant can indicate the URL of the service that exposes the API for Active Directory by clicking on the button :
- Url: URL of the service that exposes the API for Active Directory (Only one URL is handled, extra ones will not be considered);
- Token: token used in rewrite rule to authenticate API requests to Active Directory.
By clicking on the button 
a modal will appear asking you to enter the login credentials of an Active Directory user to perform the import operation. By clicking on the Import button will begin the process of importing Active Directory users into MFA.
Only Active Directory users having an email will be added.
By clicking on the button will be able to change Url and Token.
CBy clicking on the button will delete the line.
Manage Active Directory users
In this panel the Tenant will display some information of all Active Directory users imported into MFA:
- Username: username used to login into MFA;
- Email: email;
- AD Username: Active Directory login user name;
- AD domain: Active Directory domain.