Application configuration

We claim: 1. A method comprising: configuring an application managed by a provider to run according to a selected usage scenario of a group of usage scenarios and in accordance with a hierarchical identity management (IDM) model based on the selected usage scenario, the hierarchical IDM model including an IDM model of the provider that specifies users of the provider, the group of usage scenarios comprising: a hard-partitioned usage scenario in which instances of the application are hard partitioned in correspondence with tenants of the provider; and a soft-partitioned usage scenario in which the instances of the application are soft partitioned in correspondence with the tenants of the provider; and executing the configured application, wherein the hierarchical IDM model comprises a root node corresponding to the provider and child nodes directly under the root node and that correspond to the tenants of the provider. 2. The method of claim 1 , wherein the group of usage scenarios further comprises a single-tenant usage scenario having a single instance of the application for a sole tenant. 3. The method of claim 1 , wherein the provider is a software-as-a-service (SaaS) provider or a managed service provider (MSP), and the tenants are customers of the provider, or wherein the provider is an entity, and the tenants are units of the entity. 4. The method of claim 1 , wherein the hard-partitioned usage scenario is selected as either: a first hard-partitioned usage scenario in which the instances of the application are logical instances of the application, or a second hard-partitioned usage scenario in which the instances of the application are physical instances of the application. 5. The method of claim 1 , wherein the hard-partitioned usage scenario is selected as either: a first hard-partitioned usage scenario in which the tenants are respectively able to access but not modify operating environments of the tenants via the instances of the application, or a second hard-partitioned usage scenario in which the tenants are respectively able to both access and modify the operating environments of the tenants via the instances of the application. 6. The method of claim 1 , wherein the selected usage scenario is the hard-partitioned usage scenario, and the tenants of the provider comprise a provider tenant, the method further comprising: configuring the instance of the application corresponding to the provider tenant according to a further hard-partitioned usage scenario in which the instance of the application corresponding to the provider tenant is further hard partitioned into sub-instances corresponding with sub-tenants of the provider tenant. 7. The method of claim 1 , wherein the soft-partitioned usage scenario is selected as either: a first soft-partitioned usage scenario in which the tenants are unable to access or modify respective operating environments via the instances of the application, a second soft-partitioned usage scenario in which the tenants are able to access but not modify the respective operating environments via the instances of the application, or a third soft-partitioned usage scenario in which the tenants are able to both access and modify the respective operating environments via the instances of the application. 8. The method of claim 1 , wherein the selected usage scenario is the soft-partitioned usage scenario, and the tenants of the provider comprise a provider tenant, the method further comprising: configuring the instance of the application corresponding to the provider tenant according to a further soft-partitioned usage scenario in which the instance of the application corresponding to the provider tenant is further soft partitioned into sub-instances corresponding with sub-tenants of the provider tenant. 9. The method of claim 1 , wherein the root node comprises the IDM model of the provider that specifies the users of the provider. 10. The method of claim 9 , wherein the selected usage scenario is the hard-partitioned usage scenario, and configuring the application comprises: configuring the instances of the application according to the IDM model of the provider. 11. The method of claim 10 , wherein in the selected usage scenario, the tenants are respectively able to at least access respective operating environments via the instances of the application, and configuring the application further comprises: configuring the instances of the application according to respective IDM models of the tenants of the provider that each specify users of a corresponding tenant, wherein the child nodes directly under the root node comprise the respective IDM models of the tenants of the provider. 12. The method of claim 10 , wherein in the selected usage scenario, the provider is able to have aggregated access to the respective operating environments via the instances of the application, and configuring the application further comprises: configuring a provider instance of the application according to the IDM model of the provider. 13. The method of claim 9 , wherein the selected usage scenario is the soft-partitioned usage scenario, and configuring the application comprises: configuring the instances of the application and a provider instance of the application according to the IDM model of the provider; and assigning trinities governing user access to the instances to the instances of the application and the provider instance of the application, and wherein each trinity comprises: a specification of a user group; a specification of a zone of an operating environment managed via the instance to which the trinity corresponds; and a specification of security access of users of the user group to the zone. 14. The method of claim 13 , wherein the specification of the security access of each trinity comprises role-based access control (RBAC). 15. The method of claim 13 , wherein in the selected usage scenario, the tenants are respectively able to at least access respective operating environments via the instances of the application, and configuring the application further comprises: configuring the instances of the application according to respective IDM models of the tenants of the provider that each specify users of a corresponding tenant, wherein the child nodes directly under the root node comprise the respective IDM models of the tenants of the provider. 16. The method of claim 15 , wherein configuring the application further comprises: specifying tags that each identifying an identical user among the respective IDM models of the tenants of the provider to support single sign-on (SSO). 17. The method of claim 13 , wherein in the selected usage scenario, the tenants are further able to at least access respective operating environments via the instances of the application, and configuring the application further comprises: configuring access applications for the instances of the application by which tenant access the respective operating environments via the instances of the application. 18. The method of claim 1 , wherein, in the hard-partitioned usage scenario, the instances of the application are separate copies of the application when physically hard partitioned and are logical instances of a single copy of the application when logically hard partitioned, wherein, in the soft-partitioned usage scenario, a provider instance of the application permits the provider to switchably access the instances corresponding to the tenants without having to log into and out of environments of the instances.