Single Tenant
A single-tenant on Unique is a separate, isolated, regulated and governed deployment of our product within our own Azure perimeter. Customers that opt for this approach get their own landing-zone that they can reach e.g. with https://customer.unique.app.
- Single Tenant Vending Form — To start discussing a single tenant, the following questions around compliance, tenant properties and capacity planning have to be answered.
- Service Level Agreement - Single Tenant
- Advanced Scenarios
- Integration of Customer-Managed Keys with Azure Key Vault — This Confluence page provides detailed use cases and configurations for integrating customer-managed keys within an Independent Software Vendor (ISV) Azure environment. The keys will be managed through Azure Key Vault and integrated with the customer's Thales CipherTrust Cloud Key Manager (CCKM) platform.
Get started
Refer to Single Tenant Vending Form
Tenat setup
Unique built their setup according to Azures What is a Landing Zone? and their Architecture of an AKS regulated cluster for Payment Card Industry Data Security Standard v3.2.1.
For every detail you can not find in our concept refer first to the official documentation.
For Single-Tenants we use another Active Directory Tenant than for our https://unique-ch.atlassian.net/wiki/spaces/Q/pages/235470943!
The tenant used here adheres to the Principle of Least Privilege. To do so, we leverage Privileged Access Management and Conditional Access.
Property | Scenario |
|---|---|
Azure Active Directory | As outlined above, for single-tenants we use a heavily governed AAD tenant. |
Management Group Unique Enterprise | Our top level management group |
Management Group Landing Zone Customer 1 (…n) | Each customer has their own management group in order to leverage one subscription per customer |
Subscription Landing Zone Subscription 1 (…n) | Each customer has their own subscription so we can leverage the full capabilities of RBAC, Security Policies, Privileged Access Management and Conditional Access based on a customers need |
Tenant architecture
Unique built their setup according to Azures What is a Landing Zone? and their Architecture of an AKS regulated cluster for Payment Card Industry Data Security Standard v3.2.1.
For every detail you can not find in our concept refer first to the official documentation.
This is Uniques implementation of our own Infrastructure requirements with additions to empower Terraform and Audit Logs.
Author | @Dominik Meyer |
|---|
© 2025 Unique AG. All rights reserved. Privacy Policy – Terms of Service