Single Tenant


A single tenant on Unique is a separate, isolated, regulated and governed deployment of our product within our own Azure perimeter. Customers that opt for this approach get their own landing zone, which they can reach at, for example, https://customer.unique.app.


  • Single Tenant Vending Form: To start discussing a single tenant, the following questions around compliance, tenant properties and capacity planning have to be answered.
  • Advanced Scenarios
    • Integration of Customer-Managed Keys with Azure Key Vault: This Confluence page provides detailed use cases and configurations for integrating customer-managed keys within an Independent Software Vendor (ISV) Azure environment. The keys will be managed through Azure Key Vault and integrated with the customer's Thales CipherTrust Cloud Key Manager (CCKM) platform.


Get started

Tenant setup

Unique built their setup according to Azure's What is a Landing Zone? and their Architecture of an AKS regulated cluster for Payment Card Industry Data Security Standard v3.2.1.

For every detail you cannot find in our concept, refer first to the official documentation.

For single tenants we use a different Active Directory tenant than for our https://unique-ch.atlassian.net/wiki/spaces/Q/pages/235470943.

The tenant used here adheres to the Principle of Least Privilege. To do so, we leverage Privileged Access Management and Conditional Access.

| Property | Scenario |
| --- | --- |
| Azure Active Directory | As outlined above, for single tenants we use a heavily governed AAD tenant. |
| Management Group | Unique Enterprise: our top-level management group. |
| Management Group | Landing Zone Customer 1 (…n): each customer has their own management group in order to leverage one subscription per customer. |
| Subscription | Landing Zone Subscription 1 (…n): each customer has their own subscription so we can leverage the full capabilities of RBAC, Security Policies, Privileged Access Management and Conditional Access based on a customer's needs. |

Tenant architecture

Unique built their setup according to Azure's What is a Landing Zone? and their Architecture of an AKS regulated cluster for Payment Card Industry Data Security Standard v3.2.1.

For every detail you cannot find in our concept, refer first to the official documentation.

This is Unique's implementation of our own https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/446234783 with additions to empower Terraform and Audit Logs.


Author

@Dominik Meyer

 

© 2025 Unique AG. All rights reserved.