Observer
Observer

Configure customer-scoped pages

Render the same status page differently per customer, with per-customer SLO thresholds.

Customer-scoped pages let one underlying page serve multiple customers, with each customer's signed-in view filtered to the metrics, services, and SLOs in their contract. The same page can also apply per-customer SLO targets (for example, an enterprise customer with 99.99% reads against a different threshold than a standard customer signed at 99.9%).

Prerequisites

  • The audience already authenticates against an Identity Provider capable of signing JWTs.
  • A list of customers in the console (open Customers, then New customer, and capture each customer's identifier).

Configure the page

  1. Switch the page to customer-scoped mode

    Open the page in the console, then Access. Set:

    • Mode: customer_scoped.
    • Public key or JWKS URL: same as JWT mode.
    • Customer claim: the JWT claim Observer should read to identify the customer. Common choices are sub, customer_id, or a custom claim such as obs_customer_id.

    Save.

  2. Bind customers to the page

    Open the page, then Access, then Customers. Add each customer who is allowed to view the page. Customers without a binding receive a 403 even with a valid token.

  3. Apply per-customer SLO targets (optional)

    Open a customer, then SLO overrides. Add an override with:

    • The SLO whose target should be customer-specific.
    • The customer's contracted target percentage.

    When the customer-scoped page renders for that customer, the SLO strip uses the override target. Other customers viewing the same page see the default SLO target.

Issuing tokens

Issue tokens for each customer with the agreed claim set. The customer-claim value must match a customer in the binding list.

{
  "iss": "https://your-idp.example",
  "aud": "observer-status-page",
  "sub": "user-1234",
  "obs_customer_id": "acme-cloud",
  "exp": 1716480000
}

Behaviour

  • Pages without a binding return 403 even with a valid token.
  • Token expiry returns 401 and the embedded view re-fetches a token.
  • SLO overrides are read on every render and require no caching on the consumer side.
Was this page helpful?