Secure Multi-Tenant User Provisioning and Embedded Power BI Analytics Platform for a Senior Care Enterprise
About the Client
The client is a long-established senior care organization with nearly three decades of operational experience in delivering patient-centred services. Operating across multiple facilities and companies, the organization relies heavily on data insights to improve care delivery, operational performance, and strategic planning.
To strengthen governance and streamline analytics access, the client partnered with Santeware to build a centralized platform for user provisioning and secure access to embedded Microsoft Power BI reports.
Problem Overview
The organization used Power BI as its primary analytics platform, but managing report access across multiple companies and user roles created operational challenges.
Key Challenges
- Manual user provisioning across multiple companies
- Risk of overwriting existing user roles during updates
- Inconsistent identity mapping across company environments
- Difficulty managing job titles and user roles at scale
- Limited governance controls for report access
- Dependency on third-party APIs for embedded reporting
- Need for strict compliance with healthcare data security standards
The organization required a centralized solution capable of securely managing analytics access while supporting a growing multi-tenant operational structure.
Core Technology Stack
| Layer | Technology |
| Frontend | ReactJS |
| State Management | Redux |
| Backend | Node.js, Express.js |
| Database | MongoDB |
| Reporting | Microsoft Power BI Embedded |
| Authentication | Azure AD Integration |
| UI Framework | Bootstrap 5, Material UI |
What Santeware Built
Santeware designed and implemented a multi-tenant user provisioning and analytics governance platform that centralizes access management and securely distributes embedded reports.
1. Multi-Tenant Governance Framework
A scalable architecture was introduced to support multiple companies within a single system.
Key capabilities included:
- Tenant isolation for each company
- Masked tenant identifiers secured with encryption
- Attribute-based access mapping per organization
- Configurable feature enablement for specific companies
This architecture allowed the platform to scale while maintaining strict data separation.
2. Automated Identity and Access Provisioning
To simplify onboarding and governance, Santeware implemented automated identity management.
Capabilities included:
- Automated User Principal Name (UPN) generation from imported users
- Company-specific identity mapping rules
- Safeguards preventing accidental overwriting of existing users and roles
- Mass user import functionality for rapid onboarding
This significantly reduced manual administration effort.
3. Job Title and Role Normalization
To improve consistency in role assignments, the system introduced a dedicated job-title management module.
Features included:
- Automated job-title extraction from imported user records
- Job title management interface for company administrators
- Mass upload capability for job title configuration
- Automated detection and highlighting of mismatched job titles
This ensured accurate mapping between organizational roles and report access.
4. Embedded Power BI Analytics
The platform securely embeds Power BI dashboards directly within the application interface.
Capabilities include:
- Dynamic Row-Level Security (RLS) enforcement for each user
- Integration of reports across multiple companies
- Optimized performance for large analytical datasets
- Mobile-friendly report viewing options
Users can access interactive analytics without direct access to the Power BI environment.
5. Administrative Control and User Experience
To simplify governance and operational control, Santeware designed an intuitive administrative interface.
Key features include:
- Separate dashboards for Super Admin and Company Admin users
- Centralized user and role management
- Multi-select controls and bulk operations for faster administration
- Optimized UI for cross-device usage
This improved usability while maintaining enterprise-grade governance.
The Impact
The new platform transformed how the organization manages analytics access and reporting governance.
- Centralized user provisioning across multiple companies
- Automated identity and role mapping
- Secure tenant isolation with encrypted identifiers
- Fully embedded Power BI reporting environment
- Reduced administrative overhead for user onboarding
- Faster, secure access to real-time operational insights
The platform now supports scalable analytics distribution across the organization while maintaining strict data governance.
Outcome
Santeware delivered a secure, scalable platform that unifies user provisioning, role governance, and embedded analytics access for a senior care enterprise.
By combining multi-tenant architecture, automated identity management, and secure Power BI embedding, the solution enables the organization to scale its data-driven operations while maintaining strong compliance and governance controls.
The platform now serves as a foundation for secure analytics distribution across multiple companies and operational environments.
