What technology area does this patent fall under?

Primary CPC classification H04L63/102. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Feb 24 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Methods and systems for tenancy in a multitenant environment

US12561468B2 · US · B2

Patent metadata
Field	Value
Publication number	US-12561468-B2
Application number	US-202418758340-A
Country	US
Kind code	B2
Filing date	Jun 28, 2024
Priority date	Jun 8, 2020
Publication date	Feb 24, 2026
Grant date	Feb 24, 2026

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems, methods and computer program products for controlling access to an organization's data in a multitenant environment are provided. An organization hierarchy is defined at a multitenant platform, the organization hierarchy comprising an organization and a plurality of sites owned by the organization, each of the plurality of sites representing a data isolation boundary for the organization's data. The sites are associated with subscriptions to applications of the multitenant platform. The organization can designate user partitions within the sites, each user partition designating a corresponding set of site users and a corresponding authentication service. The multitenant platform enables access to each subscription of a site only if a site user is authenticated by the authentication service designated in the user partition corresponding to the site user.

First claim

Opening claim text (preview).

What is claimed is: 1 . A computer-implemented method for managing access to data in a multitenant environment, the method comprising: defining an organization hierarchy in a multitenant platform that provides site-level subscription-based access to one or more applications, the organization hierarchy comprising a first organization, a plurality of sites owned by the first organization, and site-level subscriptions to applications, wherein the plurality of sites represent data isolation boundaries for data of the first organization; and providing a user interface to an organization administrator associated with the first organization, the user interface providing a unified view of the first organization, the unified view showing the organization hierarchy for the first organization including the plurality of sites owned by the first organization and relationships between the sites in the plurality of sites and the site-level subscriptions, the unified view providing a tool to allow the organization administrator to aggregate data across the plurality of sites. 2 . The computer-implemented method of claim 1 , further comprising: receiving definitions for a plurality of user partitions for a first site from the plurality of sites, each user partition from the plurality of user partitions having an associated authentication service and a segment of site users belonging to the first site; receiving a first user identifier for a first user who is attempting to access a first application through the first site from the plurality of sites, the first site having a first site-level subscription to the first application; determining that the first user is a member of a first user partition from the plurality of user partitions defined for the first site; and based on a determination that the first user is a member of the first user partition, authenticating the first user to use the first application using a first authentication service. 3 . The computer-implemented method of claim 2 , further comprising: receiving a user identifier for a second user who is attempting to access the first application through the first site from the plurality of sites; determining that the second user is a member of a second user partition, wherein the second user partition is defined for the first site; and based on a determination that the second user is a member of the second user partition, authenticating the second user to use the first application using a second authentication service. 4 . The computer-implemented method of claim 3 , further comprising: receiving a second user identifier for the first user attempting to access the first application through a second site from the plurality of sites, the second site having a second site-level subscription to the first application; determining that the first user is a member of a third user partition, wherein the third user partition is defined for the second site and is associated with a third authentication service; and based on a determination that the first user is a member of the third user partition, authenticating the first user to use the first application according to the second site-level subscription. 5 . The method of claim 4 , wherein the first user identifier for the first user and the second user identifier for the first user comprise a common email address for the first user, wherein access of the first user to the first site-level subscription is isolated from access of the first user to the second site-level subscription. 6 . The method of claim 5 , wherein the common email address has a domain that is different from a domain of the first site. 7 . The method of claim 5 , the first user identifier for the first user comprises a site identifier for the first site and the second user identifier for the first user comprises a site identifier for the second site. 8 . The method of claim 5 , wherein the user identifier for the second user comprises an email address of the second user, wherein the second user is identified in the second user partition by the email address of the second user, and wherein the second user is external to the first organization. 9 . A computer program product for controlling access to data in a multitenant environment, the computer program product comprising a non-transitory, computer-readable medium storing instructions executable by a processor to cause the processor to perform: defining an organization hierarchy in a multitenant platform that provides site-level subscription-based access to one or more applications, the organization hierarchy comprising a first organization, a plurality of sites owned by the first organization, and site-level subscriptions to applications, wherein the plurality of sites represent data isolation boundaries for data of the first organization; and providing a user interface to an organization administrator associated with the first organization, the user interface providing a unified view of the first organization, the unified view showing the organization hierarchy for the first organization including the plurality of sites owned by the first organization and relationships between the sites in the plurality of sites and the site-level subscriptions, the unified view providing a tool to allow the organization administrator to aggregate data across the plurality of sites. 10 . The computer program product of claim 9 , wherein the non-transitory, computer-readable medium further stores instructions executable by the processor to cause the processor to perform: receiving definitions for a plurality of user partitions for a first site from the plurality of sites each user partition from the plurality of user partitions having an associated authentication service and a segment of site users belonging to the first site; receiving a first user identifier for a first user who is attempting to access a first application through the first site from the plurality of sites, the first site having a first site-level subscription to the first application; determining that the first user is a member of a first user partition from the plurality of user partitions defined for the first site; and based on a determination that the first user is a member of the first user partition, authenticating the first user to use the first application using a first authentication service. 11 . The computer program product of claim 10 , wherein the non-transitory, computer-readable medium further stores instructions executable by the processor to cause the processor to perform: receiving a user identifier for a second user who is attempting to access the first application through the first site from the plurality of sites; determining that the second user is a member of a second user partition, wherein the second user partition is defined for the first site; and based on a determination that the second user is a member of the second user partition, authenticating the second user to use the first application using a second authentication service. 12 . The computer program product of claim 11 , wherein the non-transitory, computer-readable medium further stores instructions executable by the processor to cause the processor to perform: receiving a second user identifier for the first user attempting to access the first application through a second site from the plurality of sites, the second site having a second site-level subscription to the first application; determining that the first user is a member of a third user partition, wherein the third user partition is defined for the second site and is associated with a third authentication service; and based on a determ

Assignees

Open Text Sa Ulc

Inventors

Classifications

H04L63/102Primary
Entity profiles · CPC title
H04L63/105
Multiple levels of security · CPC title
G06F2221/2141
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title
G06F21/31
User authentication · CPC title
G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title

Patent family

Related publications grouped by family.

View patent family 78817583

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12561468B2 cover?: Systems, methods and computer program products for controlling access to an organization's data in a multitenant environment are provided. An organization hierarchy is defined at a multitenant platform, the organization hierarchy comprising an organization and a plurality of sites owned by the organization, each of the plurality of sites representing a data isolation boundary for the organizati…
Who is the assignee on this patent?: Open Text Sa Ulc
What technology area does this patent fall under?: Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Feb 24 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).