Chronicle SOAR uses environments to manage tenants. Each environment that represents a tenant \ customer is created with a set of metadata fields – customer image, customer name, description, contact name, phone and email and  Remote Agents configuration. In addition, the following capabilities are provided by Chronicle SOAR for additional value in a multi-tenant deployment:

Environment Operational Settings
The following settings are configured per environment to help with customer specific use-cases in daily operation: SLAs, custom lists, customer domains and networks, email templates, blocklisted items.

Connectors
Connectors are applications that ingest alerts from different types of sources (SIEM, Database, Email box etc.) into Chronicle SOAR. Multiple connectors can run in parallel collecting alerts from local or remote products, and assigning them automatically to the relevant environment.
Connectors can also take into consideration the multi-tenancy defined in the source product (e.g. multi-tenant QRadar SIEM).

Data Separation
Ingested and collected data (Cases, Alerts, Events, Playbook Results etc.) is separated into environments. Each environment will contain data relevant to the customer, without any possibility for data moving to another environment. Data assigned to an environment will be visible to permitted users only.

Data Consolidation
All data is consolidated in a single queue with the same language for the SOC team (analyzed processes) – regardless of the source product.
Easier to onboard new customers (just switching the connector) and new security analysts (they don’t need to be experts in products).
Support more customers with different types of technologies (EK, Splunk, AlienVault etc.)

Entity Explorer
Security teams can view entities across the entire customer base or within the context of a specific environment (e.g. see if a malicious hash found on “Customer A” also appeared on “Customer B” site.)

User Permissions
Along with module permissions, users can also be assigned to the environments they can view or handle. Customers can also get limited user access to Chronicle SOAR to review dashboards, reports, playbooks etc. with their relevant information alone.

Marketplace
Integrations are defined per environment.

Playbooks
Extend the playbooks to customer remote sites, to allow security analysts (who have sufficient privileges) collect information and run IR processes on customers environment. Security teams can create generic playbooks (which can automatically pick the integration credentials relevant to the customer) and customer specific playbooks as-well.

Remote Agents
Chronicle SOAR platform has the ability to orchestrate and automate workflows on remote \ separated networks. This ability allows MSSPs to extend the use cases between their SOC and the customer.

Dashboards
Dashboards can be customer specific or generic.
In any case, it is always possible to filter a dashboard by environment.

Reports
Reports can be customer specific or generic. Chronicle SOAR provides periodic reports that can be generated automatically for different customers and purposes (e.g. weekly SLA, attacks statistics etc.) It is also possible to add customer logos to reports.