Multi-Tenant Architecture
First Line Done is built from the ground up for multi-tenancy. Every institution gets a fully isolated workspace — all on shared infrastructure.
How tenant isolation works
FLD uses a shared database, application-level isolation model:
- Every tenant record has an
institution_idforeign key. - A
TenantAwareSessionautomatically filters all queries to the authenticated user's institution. - JWT tokens are scoped to a user, which is scoped to an institution.
- Middleware validates that URL parameters never reference another tenant's resources.
User roles
Each user within a tenant has one of these roles:
| Role | Description |
|---|---|
super_admin | Platform admin — can bypass tenant isolation |
compliance_manager | Full access within the institution, can manage team and billing |
mlro | MLRO role — can file and approve SARs |
analyst | Create/edit entities, run screening, process DD cases |
viewer | Read-only access across all products |
api_user | API key access for server-to-server integrations |
Creating your first institution
Sign up at /signup to create your institution workspace. The signing up user becomes the Compliance Manager (admin) of that institution.
Inviting team members
Navigate to Settings → Team Members → Invite Member. An email is sent with a 7-day invitation link. The invitee creates an account and is automatically scoped to your institution.
API access for an institution
Each institution can generate API keys in Settings → API Keys. API keys are scoped to the institution and behave like api_user role tokens.
Data isolation guarantees
- No cross-institution queries are possible at the ORM level.
- URL path parameters (e.g.
/api/entities/123) are validated against the current tenant. - File uploads are stored in institution-scoped directories.
- Audit logs are scoped per institution.