Skip to content

Tenant Administrators

Overview

Tenant Administrators manage healthcare organizations within the VitalBridge platform.

They act as operational administrators for a specific tenant and are responsible for managing providers, patients, and organizational settings.

Onboarding Workflow

sequenceDiagram
  actor Admin as Active Tenant Admin
  participant Gateway as vb-gateway
  participant AdminSvc as vb-admin-service
  participant Identity as vb-identity-service

  Admin->>Gateway: POST /api/v1/tenants/{tenant_id}/administrators

  Note over Gateway: Validation
  Gateway->>Gateway: Verify Auth Token & Role
  Gateway->>Gateway: Check Tenant Isolation

  Gateway-->>Admin: 202 Accepted
  Gateway-)AdminSvc: Emit ``vb.admin.create`` (Command)

  Note over AdminSvc: Atomic Transaction
  AdminSvc->>AdminSvc: Validate Email Uniqueness & Policy
  AdminSvc->>AdminSvc: Insert Admin record (Status: ACTIVE/INVITED)
  AdminSvc->>AdminSvc: Write to Outbox

  AdminSvc-)Identity: Emit ``vb.admin.created`` (Outbox Event)

  Note over Identity: Keycloak Provisioning
  Identity->>Keycloak: Provision/Link Keycloak User
  Identity->>Keycloak: Assign ROLE_TENANT_ADMIN
  Identity->>Identity: Write keycloak_users record + Outbox

  Identity-)Kafka: Emit ``vb.admin.keycloak_user_created``
Hold "Alt" / "Option" to enable pan & zoom

Responsibilities

Tenant Administrators may:

  • Manage providers
  • Manage patients
  • Configure tenant settings
  • View appointments
  • Manage operational workflows

Tenant Administrators cannot:

  • Create tenants
  • Delete tenants
  • Access other tenants
  • Perform platform administration

Tenant Ownership

flowchart TB

    TENANT["Tenant"]

    ADMIN["Tenant Administrator"]

    PROVIDERS["Providers"]

    PATIENTS["Patients"]

    TENANT --> ADMIN

    ADMIN --> PROVIDERS

    ADMIN --> PATIENTS
Hold "Alt" / "Option" to enable pan & zoom

Lifecycle

stateDiagram-v2

    [*] --> Pending

    Pending --> Active

    Active --> Inactive

    Inactive --> Active

    Active --> Archived
Hold "Alt" / "Option" to enable pan & zoom

Access Scope

flowchart LR

    ADMIN["Tenant Administrator"]

    TENANT["Own Tenant"]

    OTHER["Other Tenant"]

    ADMIN --> TENANT

    ADMIN -. Access Denied .-> OTHER
Hold "Alt" / "Option" to enable pan & zoom

Tenant Administrators operate exclusively within their assigned tenant.