Management
The Management service is an internal-facing system used by Monozu operators to provision tenants, manage licenses, and control access to the Cloud platform. End customers never interact with it directly.
Components
Section titled “Components”| Component | Path | Purpose |
|---|---|---|
| Management Backend | Management/management-backend/ | Go API for tenant and license management |
| Management Frontend | Management/management-frontend/ | React SPA for operators |
Responsibilities
Section titled “Responsibilities”- Tenant provisioning — Create tenants in both the Management DB and link them to Cloud by
cloud_tenant_id - License management — Assign plan, features, and expiry. Activate via webhook to Cloud.
- Staff authentication — Operators log in with Microsoft Entra ID (per-management app registration)
- M2M with Cloud Backend — Two-way communication for license sync
Relationship to Cloud Backend
Section titled “Relationship to Cloud Backend”flowchart LR
MgmtBE[Management Backend] -->|POST license/refresh - HMAC| CloudBE[Cloud Backend]
CloudBE -->|GET /internal/v1 - X-Internal-Token| MgmtBE
MgmtBE --> MgmtDB[(Management DB)]
CloudBE --> CloudDB[(Cloud DB)]
The two databases are separate — Management has its own Azure SQL instance. License state is synchronized via the webhook mechanism (not direct DB access).
Licensing source of truth
Section titled “Licensing source of truth”Management is the source of truth for all tenant licenses. Cloud does not self-service license activation. The flow is always:
- Operator activates license in Management Frontend
- Management Backend calls Cloud Backend webhook
- Cloud stores license state locally in
tenant_licenses+tenant_features - Until activation, Cloud tenants are in
pendingstatus and cannot log in
See License Flow for the detailed sequence.