TagFinder Logo
TagFinder
Architecture

Multi-Tenant SaaS

Isolated organizations, role-based access, white-labeling, and impersonation — built for reseller partners and enterprise.

What is Multi-Tenancy?

Multi-tenancy means a single instance of TagFinder serves multiple independent organizations (tenants). Each tenant gets their own isolated data, users, configurations, and branding — while sharing the same underlying infrastructure for cost efficiency and rapid deployment.

This is how reseller partners can offer TagFinder under their own brand, manage multiple end-customers from a single dashboard, and scale without managing infrastructure.

Core Features

Organization Isolation

Each tenant's data is strictly isolated. Users in Org A cannot see Org B's assets, sensor data, or configurations. Enforced at the API layer with row-level policies.

Role-Based Access Control

Admins, operators, viewers — each role has scoped permissions. Managed via Keycloak OIDC. Supports custom roles for enterprise deployments.

Admin Impersonation

Platform admins and reseller partners can impersonate any organization to provide support, without needing the customer's credentials.

White-Label Branding

Custom logo, colors, subdomain per reseller. End customers see the reseller's brand, not TagFinder. Full CSS and identity customization.

Custom Subdomains

Each reseller or enterprise can have their own subdomain: tracking.yourbrand.com — with SSL certificates managed automatically.

SSO & Federation

Enterprise customers can federate their existing identity provider (Azure AD, Okta, Google Workspace) via Keycloak's OIDC/SAML support.

Deployment Models

SaaS (Shared)

Multiple tenants on shared Google Cloud Run infrastructure. Fastest to deploy. Automatic updates. Best for SMB and reseller partners.

Dedicated (Single-Tenant)

Isolated cloud instance in your chosen region. Your data stays in your jurisdiction. Same software, dedicated resources.

On-Premise

Run TagFinder on your own infrastructure using Docker Compose or Kubernetes. Full control. Air-gapped support.

For Reseller Partners

40%

SaaS Margin

Buy at 60% of list price

Sub-Organizations

Manage unlimited end-customers

0

Infrastructure Work

We handle hosting, updates, backups

Technical Stack

Keycloak

OIDC/OAuth2 identity provider. Manages organizations, roles, and SSO federation.

FastAPI

Python REST API with per-request tenant context injection and row-level data isolation.

Google Cloud Run

Serverless containers that auto-scale. Each request is authenticated and routed to the correct tenant.

TimescaleDB

Time-series data partitioned by organization. Configurable retention policies per tenant tier.

Interested in reselling TagFinder?

Multi-Tenant SaaS Architecture — TagFinder