Single Tenant Vending Form
To start discussing a single tenant, the following questions around compliance, tenant properties and capacity planning have to be answered.
Area | Needed as per | Clarification | Options | Further information |
|---|---|---|---|---|
Compliance | Upfront | Where can the Unique employees maintain the solution be from? |
| From which locations is Unique allowed to access the single tenant to provide support. |
Compliance, Data Residency | In which Azure region should the primary deployment reside? |
| ||
Which Azure regions could be used for any OpenAI or LLM interactions? |
| More regions = more flexibility and potentially better quality. Check regions for OpenAI Models here: Azure OpenAI in Azure AI Foundry Models - Azure OpenAI | ||
Compliance, Email Data Sub-processing | How and if would you like the IDP from Unique AI to communicate with you? |
| ||
Tenant Settings, Domain | Which |
| You can select your subdomain yourselves. The self-selected URL must at least be 4 characters long and should not exceed a human readable length otherwise no one can type that. The format is always The name must not be generic like You must consent in written form that this URL will appear in Uniques code base as part of the Infrastructure/Configuration as Code. The URL can’t be changed afterwards without significant effort (timeline and monetary impact). | |
Tenant Settings, Tab Name | Anytime, the earlier the better |  Tab Name
| _________________________ |
|
Tenant Settings, Theme | You can change the theme anytime later on. It though makes sense to start early so the tenant can be presented from start in the desired appearance. |
| ||
Tenant Settings, Feature Flags and Settings | Get in touch with your SPOC to define certain behavior up front. |
| You find various product options in Technical Product Administration, feel free to request certain administrative configurations up front to ease your start. | |
Tenant Settings, SSO | If you want to bring your own SSO or SAML, prepare the information and credentials as early as possible with your central team(s). | Unique leverages Zitadel as its IDP - that means all Identity Providers from Zitadel are supported. |
Further options
Mobile Apps
Mobile setups with managed devices repeatedly surfaced to be tricky. Make sure to prepare your landscape as early as possible as outlined in https://unique-ch.atlassian.net/wiki/x/JwBdMw.
If you chose IP-Blocking below, ensure repeatedly that the devices always use authorized IP ranges.
Outgoing notifications
If the client would like that our IDP sends out e-mails (for sign-up confirmations, 2FA with e-mail, password change links etc.), they must either trust the @unique.ch e-mail domain as we will send them via our mail server or they must provide a valid SMTP configuration themselves in an encrypted way to us.
You can read in the FAQ Security section how Unique is DMARC compliant.
Unique does not host e-mail services, there are enough out there to do so.
IP-Blocking
Unique Single Tenants can be isolated using IP-Filtering on the Application Gateway. This option shall be considered carefully as it has a functionality as well as monetary impact. Approach your SPOC to discuss this option.
Unique Employees (Support or Solution Engineering) will be allow-listed using Uniques VPN and Office Outbound IP-Addresses.
Author | Solution Engineering |
|---|
© 2025 Unique AG. All rights reserved. Privacy Policy – Terms of Service