Securing data in multitenant applications on Launchpad

When designing any application, one of the most important decisions is how to structure and secure your data. The right approach depends on your business model, your customers’ needs, and how you want users to interact with your solution.

Launchpad allows you to build multitenant solutions with the security that your application requires. Below, we explore a few data security strategies available in Launchpad, with real-world examples to help you choose the right model for your scenario.

Default Model: Subscriber level data abstraction

Real-world example

Imagine you’re building an Expense Approval app for consulting firms. Company A and Company B want their employees to submit expenses and their managers to approve them. Each company has its own branding requirements. The two companies are isolated and there are no common users between them. 

How to achieve this in Launchpad

Launchpad operates within a Subscriber model, where each Subscriber (customer) is fully isolated from others. After building the Expense Approval Application, you then:

• Create a Subscriber for Company A
  • Deploy the app and create users for Company A
• Create a Subscriber for Company B
  • Deploy the app and create users for Company B

There is no need to implement any application-level security to restrict this access. With the Launchpad Subscriber model, Company A’s data and UI customizations are fully separate from Company B’s. Each Subscriber operates in its own isolated environment, eliminating any risk of accidental data visibility between customers.

When to choose this model

• Customers require strict compliance or contractual data isolation
• Each customer needs custom branding, configurations, or SLAs
• Consolidated reporting across customers is not required
• Context switching between customers is acceptable (e.g., for MSPs)

Application-level access control: data abstraction between users within the same Subscriber

Real-world example

As a Provider, you are building an Audit Management application which will be used by an audit firm that serves many small businesses. Each business submits audit requests, but the central audit team triages and resolves them in one place. Users from every business must see only their own requests, while the auditors need to work and report across all orgs without switching apps.

How to achieve this in Launchpad

Launchpad operates within a Subscriber model, where each Subscriber is isolated from others. In this case, you’ll deploy the app to a single Subscriber (the audit firm) and all users across the small businesses will have access to the same application. Application-level security will restrict visibility between the different businesses.

Here’s how:

• Build application-level security using the Attribute Based Access Control (ABAC) concept in Launchpad
  • Business information can be stored with each of the cases (Requests)
  • Each user can be associated with a business or the audit firm with information stored in the Persona.
  • Create an access condition rule per case/data (Request) to determine which data a user can view

For example:

• • • If a user’s Persona is “Reviewer,” allow access to all requests
    • If a user’s Persona is “CompanyUser,” only allow access to requests where the CompanyID matches the user’s CompanyID

These access conditions apply universally — when listing, viewing, or reporting data — ensuring consistent, secure access control.

• Once configured, you can deploy the app to one Subscriber and onboard all users (auditors and small businesses) in the same environment. Each user sees only the data they’re authorized to view.

When to choose this model

• The application requires cross-customer views (e.g., auditor or manager dashboards)
• You offer managed services and staff work across multiple orgs daily
• Cross-org dashboards and KPIs are key requirements

Hybrid Model: Subscriber-level abstraction and application-level access control within a Subscriber

Real-world example

Extending the previous example, imagine you now need to provide the Audit Management solution to two different audit firms, each serving their own group of small businesses.

How to achieve this in Launchpad

As a provider you can deploy the application to two Subscribers, one for each audit firm. Within the Subscriber we will use application-level security (attribute-based access control).

• Create a Subscriber for AuditFirm1
  • Deploy the app and create users for AuditFirm1 and all the small businesses
• Create a Subscriber for AuditFirm2
  • Deploy the app and create users for AuditFirm2 and all the small businesses

Here, Launchpad applies Subscriber-level isolation between the two audit firms and application-level access control within each Subscriber.

• A user from AuditFirm1 can only access the data from the AuditFirm1 Subscriber (Subscriber data abstraction is applied).
• A user from Business2 under AuditFirm2 can only access data in the AuditFirm2 Subscriber and can only access requests raised by Business2 (Subscriber and application security are both applied).

This approach ensures both organizational isolation and fine-grained access control within each environment.

Launchpad security layers

Launchpad offers multiple layers of data security that can be applied individually or in combination, depending on your requirements:

• Subscriber-level data access
• Application-level role-based access
• Application-level attribute-based access control (ABAC)

By combining these models, you can design multitenant applications that meet diverse and complex security needs — all within Launchpad.

Curious to learn more? Book a conversation with us and discover how Launchpad's multitenancy can help you build secure, scalable solutions that can expand across your client base and extend your market reach.