Multi-Tenant Architecture with LiteLLM
Overviewβ
LiteLLM provides a centralized solution that scales across multiple tenants, enabling organizations to:
- Centrally manage LLM access for multiple tenants (organizations, teams, departments)
- Isolate spend and usage across different organizational units
- Delegate administration without compromising security
- Track costs at granular levels (organization β team β user β key)
- Scale seamlessly as new teams and users are added
- Teams + Virtual Keys: β Available in open source
- Organizations + Org Admins: β¨ Enterprise feature (Get a 7 day trial)
You can implement multi-tenancy using Teams alone in the open source version, or add Organizations on top for additional hierarchy in the enterprise version.
The Multi-Tenant Challengeβ
Organizations with multi-tenant architectures face several challenges when deploying LLM solutions:
- Centralized vs. Decentralized: Need a single unified gateway while maintaining tenant isolation
- Cost Attribution: Tracking spend across different business units, departments, or customers
- Access Control: Different teams need different models, budgets, and rate limits
- Delegation: Team leads should manage their teams without platform-wide admin access
- Scalability: Solution must scale from 10 to 10,000+ users without architectural changes
How LiteLLM Solves Multi-Tenancyβ
LiteLLM implements a hierarchical multi-tenant architecture with four levels:
1. Organizations (Top-Level Tenants) β¨ Enterprise Featureβ
Organizations represent the highest level of tenant isolation - typically different business units, departments, or customers.
- Each organization has its own:
- Budget limits
- Allowed models
- Admin users (org admins)
- Teams
- Spend tracking
Use Cases:
- Enterprise Departments: Separate organizations for Engineering, Marketing, Sales
- Multi-Customer SaaS: Each customer is an organization with full isolation
- Geographic Regions: EMEA, APAC, Americas as separate organizations
Key Features:
- Organizations cannot see each other's data
- Each organization can have multiple teams
- Organization admins manage teams within their organization only
- Spend and usage tracked at organization level
API Reference for Organizations
2. Teams (Mid-Level Grouping) β Open Sourceβ
Teams can work independently or sit within organizations, representing logical groupings of users working together.
Teams are available in open source and can be used as your primary multi-tenant boundary without needing Organizations. Organizations provide an additional layer of hierarchy for enterprise deployments.
- Each team has:
- Team-specific budgets and rate limits
- Team admins who manage members
- Service account keys for shared resources
- Model access controls
- Granular team member permissions
Use Cases:
- Project Teams: ML Research team, Product team, Data Science team
- Customer Sub-Groups: Different divisions within a customer organization
- Environment Separation: Development, Staging, Production teams
Key Features:
- Teams inherit organization constraints (can't exceed org budget/models)
- Team admins can manage their team without affecting others
- Service account keys survive team member changes
- Per-team spend tracking and billing
3. Users (Individual Members) β Open Sourceβ
Users are individuals who belong to teams and create/use API keys.
- Each user can:
- Belong to multiple teams
- Have their own budget limits
- Create personal API keys
- Track individual spend
User Types:
- Internal Users: Employees, developers, data scientists
- Team Admins: Lead their teams, manage members
- Org Admins: Manage multiple teams within their organization
- Proxy Admins: Platform-wide administrators
Key Features:
- User spend tracked individually
- Users can be on multiple teams simultaneously
- Role-based permissions control what users can do
- User keys deleted when user is removed
4. Virtual Keys (Authentication Layer) β Open Sourceβ
Virtual Keys are the API keys used to authenticate requests and track spend.
Each key can be one of three types:
| Key Type | Configuration | Use Case | Spend Tracking | Lifecycle |
|---|---|---|---|---|
| User-only | user_id only | Developer personal keys | User level | Deleted with user |
| Team Service Account | team_id only | Production apps, CI/CD | Team level | Survives member changes |
| User + Team | Both user_id and team_id | User within team context | User AND Team | Deleted with user |
Example Scenarios:
- Use user-only keys for developers testing locally
- Use team service account keys for your production application that shouldn't break when employees leave
- Use user + team keys when you want individual accountability within a team budget
Role-Based Access Control (RBAC)β
LiteLLM provides granular RBAC across the hierarchy:
Global Proxy Roles (Platform-Wide)β
| Role | Scope | Permissions |
|---|---|---|
| Proxy Admin | Entire platform | Create orgs, teams, users. View all spend. Full control. |
| Proxy Admin Viewer | Entire platform | View-only access to all data. Cannot make changes. |
| Internal User | Own resources | Create/delete own keys. View own spend. |
Organization/Team Roles (Scoped)β
| Role | Scope | Permissions |
|---|---|---|
| Org Admin β¨ | Specific organization | Create teams, add users, view org spend within their org only. |
| Team Admin β¨ | Specific team | Manage team members, rate limits, and keys within their team only. May keep or lower team max_budget; raising it requires a proxy admin. |
β¨ = Premium Feature
Team Member Permissionsβ
Team admins can configure granular permissions for regular team members:
Read-only (default):
["/key/info", "/key/health"]
Allow key creation:
["/key/info", "/key/health", "/key/generate", "/key/update"]
Full key management:
["/key/info", "/key/health", "/key/generate", "/key/update", "/key/delete", "/key/regenerate", "/key/block", "/key/unblock"]
Spend Tracking & Cost Attributionβ
LiteLLM provides multi-level spend tracking that flows through the hierarchy:
Hierarchical Spend Flowβ
Organization Spend
βββ Team 1 Spend
β βββ User A Spend
β β βββ Key 1 Spend
β β βββ Key 2 Spend
β βββ Service Account Spend
β βββ Key 3 Spend
βββ Team 2 Spend
βββ User B Spend
βββ Key 4 Spend
Budget Enforcementβ
Budgets can be set at every level with inheritance:
- Organization Budget:
$10,000/month- Team 1:
$6,000/month(within org limit)- User A:
$3,000/month(within team limit) - User B:
$3,000/month(within team limit)
- User A:
- Team 2:
$4,000/month(within org limit)
- Team 1:
Enforcement Rules:
- Team budgets cannot exceed organization budget
- User budgets cannot exceed team budget
- Requests blocked when any level exceeds budget
- Real-time tracking prevents overruns
Common Multi-Tenant Patternsβ
Pattern 1: Enterprise Departmentsβ
Scenario: Large enterprise with multiple departments needing centralized LLM access
Enterprise Setup (with Organizations):
Platform (LiteLLM Instance)
βββ Engineering Organization β¨
β βββ Backend Team
β βββ Frontend Team
β βββ ML Team
βββ Marketing Organization β¨
β βββ Content Team
β βββ Analytics Team
βββ Sales Organization β¨
βββ Sales Ops Team
βββ Customer Success Team
Open Source Alternative (Teams only):
Platform (LiteLLM Instance)
βββ Engineering Backend Team
βββ Engineering Frontend Team
βββ Engineering ML Team
βββ Marketing Content Team
βββ Marketing Analytics Team
βββ Sales Ops Team
βββ Customer Success Team
Benefits:
- Each department/team manages their own budget
- Department leads (org/team admins) control their teams
- Centralized billing and model access
- Cross-department cost visibility for finance
Pattern 2: Multi-Customer SaaSβ
Scenario: SaaS provider offering LLM-powered features to multiple customers
Enterprise Setup (with Organizations):
Platform (LiteLLM Instance)
βββ Customer A Organization β¨
β βββ Production Team (Service Accounts)
β βββ Development Team
β βββ QA Team
βββ Customer B Organization β¨
β βββ Production Team (Service Accounts)
β βββ Development Team
βββ Customer C Organization β¨
βββ Production Team (Service Accounts)
Open Source Alternative (Teams only):
Platform (LiteLLM Instance)
βββ Customer A Production Team (Service Accounts)
βββ Customer A Development Team
βββ Customer A QA Team
βββ Customer B Production Team (Service Accounts)
βββ Customer B Development Team
βββ Customer C Production Team (Service Accounts)
Benefits:
- Complete isolation between customers/teams
- Per-customer/team billing and usage tracking
- Customer/team admins can self-serve
- Production service account keys survive employee turnover
Pattern 3: Environment Separationβ
Scenario: Single organization with multiple environments
Platform (LiteLLM Instance)
βββ Company Organization
βββ Production Team
β βββ Service Account Keys (strict rate limits)
βββ Staging Team
β βββ Service Account Keys (moderate limits)
βββ Development Team
βββ User Keys (generous limits for testing)
Benefits:
- Separate budgets for each environment
- Different model access (production vs. development)
- Prevent development usage from affecting production budget
- Easy cost attribution by environment
Delegation & Self-Serviceβ
One of LiteLLM's key advantages is delegated administration:
Without LiteLLMβ
Every team β Requests platform admin β Admin makes changes
β Bottleneck on platform team
β Slow onboarding
β Poor scalability
With LiteLLMβ
Proxy Admin β Creates org + org admin
Org Admin β Creates teams + team admins
Team Admin β Manages their team independently
β
Decentralized management
β
Fast onboarding
β
Scales to thousands of users
Self-Service Capabilitiesβ
Team Admins Can:
- Add/remove team members
- Create API keys for team members
- Update team rate limits; keep or lower team
max_budget(raisingmax_budgetrequires a proxy admin; org-scoped teams also stay within org limits) - Configure team member permissions
- View team usage and spend
Org Admins Can:
- Create new teams within their organization
- Assign team admins
- View organization-wide spend
- Manage users across their teams
Platform Admins Can:
- Create organizations
- Assign org admins
- Set organization-level policies
- View platform-wide analytics
Scalabilityβ
LiteLLM's architecture scales from small teams to enterprise deployments:
Small Team (10-100 users)β
- Single organization
- Few teams (5-10)
- Proxy admins manage everything
Mid-Size (100-1,000 users)β
- Multiple organizations
- Many teams (50+)
- Org admins delegate to team admins
Enterprise (1,000+ users)β
- Many organizations (departments/regions)
- Hundreds of teams
- Fully delegated admin structure
- Centralized observability and billing
Key Scalability Features:
- No architectural changes needed as you grow
- Database-backed (PostgreSQL) for reliability
- Horizontal scaling support
- Efficient spend tracking and logging
Security & Isolationβ
Tenant Isolationβ
Each tenant (organization) is isolated:
- β Cannot view other organizations' data
- β Cannot access other organizations' keys
- β Cannot exceed their budget limits
- β Cannot access models not in their allowed list
Authentication Securityβ
- Master key for platform admins
- Virtual keys with scoped permissions
- SSO integration support
- JWT authentication
- IP allowlisting
Audit & Complianceβ
- All API calls logged with user/team/org context
- Spend tracking for chargeback/showback
- Admin actions audited
- Integration with observability tools
Getting Startedβ
The steps below show the full enterprise hierarchy with Organizations.
For open source, skip Steps 1-2 and start directly with Step 3 (creating teams). Teams can function as your top-level tenant boundary without Organizations.
Step 1: Set Up Organizations β¨ Enterpriseβ
Create your first organization:
curl --location 'http://0.0.0.0:4000/organization/new' \
--header 'Authorization: Bearer sk-1234' \
--header 'Content-Type: application/json' \
--data '{
"organization_alias": "engineering_department",
"models": ["gpt-4", "gpt-4o", "claude-3-5-sonnet"],
"max_budget": 10000
}'
Step 2: Add an Organization Admin β¨ Enterpriseβ
curl -X POST 'http://0.0.0.0:4000/organization/member_add' \
-H 'Authorization: Bearer sk-1234' \
-H 'Content-Type: application/json' \
-d '{
"organization_id": "org-123",
"member": {
"role": "org_admin",
"user_id": "admin@company.com"
}
}'
Step 3: Create Teams β Open Sourceβ
For Enterprise: Organization admin creates team within their organization
For Open Source: Proxy admin creates team directly (no organization_id needed)
# Enterprise: Org admin creates team in their organization
curl --location 'http://0.0.0.0:4000/team/new' \
--header 'Authorization: Bearer sk-org-admin-key' \
--header 'Content-Type: application/json' \
--data '{
"team_alias": "ml_team",
"organization_id": "org-123",
"max_budget": 5000
}'
# Open Source: Proxy admin creates team directly
curl --location 'http://0.0.0.0:4000/team/new' \
--header 'Authorization: Bearer sk-1234' \
--header 'Content-Type: application/json' \
--data '{
"team_alias": "ml_team",
"max_budget": 5000
}'
Step 4: Add Team Adminβ
curl -X POST 'http://0.0.0.0:4000/team/member_add' \
-H 'Authorization: Bearer sk-org-admin-key' \
-H 'Content-Type: application/json' \
-d '{
"team_id": "team-456",
"member": {
"role": "admin",
"user_id": "team-lead@company.com"
}
}'
Step 5: Team Admin Manages Their Teamβ
# Team admin adds members
curl -X POST 'http://0.0.0.0:4000/team/member_add' \
-H 'Authorization: Bearer sk-team-admin-key' \
-H 'Content-Type: application/json' \
-d '{
"team_id": "team-456",
"member": {
"role": "user",
"user_id": "developer@company.com"
}
}'
# Team admin creates keys for members
curl --location 'http://0.0.0.0:4000/key/generate' \
--header 'Authorization: Bearer sk-team-admin-key' \
--header 'Content-Type: application/json' \
--data '{
"user_id": "developer@company.com",
"team_id": "team-456"
}'
Use Case Examplesβ
Example 1: Chargeback Modelβ
Goal: Each business unit pays for their own LLM usage
Setup:
- Create organization per business unit
- Set budgets based on allocated budgets
- Track spend per organization
- Generate monthly reports for finance
Result: Finance can charge back costs to respective departments with accurate attribution.
Example 2: Customer-Facing AI Productβ
Goal: Provide LLM capabilities to customers with isolation and cost tracking
Setup:
- Create organization per customer
- Use service account keys for production workloads
- Track spend per customer organization
- Set rate limits per customer tier
Result: Bill customers accurately, prevent noisy neighbors, maintain isolation.
Example 3: Development vs. Productionβ
Goal: Separate development and production environments with different policies
Setup:
- Create "Development" and "Production" teams
- Development: Generous budgets, all models, user keys
- Production: Strict budgets, approved models only, service account keys
- Different rate limits per environment
Result: Developers can experiment freely without impacting production budget or reliability.
Best Practicesβ
1. Organization Designβ
- β Map organizations to cost centers or customers
- β Set realistic budgets with buffer for growth
- β Assign 1-2 org admins per organization
- β Don't create too many organizations (adds management overhead)
2. Team Structureβ
- β Keep teams aligned with actual working groups
- β Use service account keys for production
- β Give team admins enough permissions to self-serve
- β Don't create single-user teams (use user-only keys instead)
3. Key Managementβ
- β Use descriptive key names
- β Rotate keys regularly
- β Delete unused keys
- β Use appropriate key type for use case
- β Don't share keys across users/teams
4. Budget Managementβ
- β Set budgets at multiple levels (org β team β user)
- β Monitor spend regularly
- β Alert before budget exhaustion
- β Don't set budgets too tight (may block legitimate usage)
5. Delegationβ
- β Assign org admins for large organizations
- β Assign team admins for active teams
- β Configure team member permissions appropriately
- β Don't make everyone a proxy admin
Monitoring & Observabilityβ
LiteLLM provides comprehensive monitoring:
- Spend Tracking: Real-time spend by org/team/user/key
- Usage Analytics: Request counts, token usage, model usage
- Admin UI: Visual dashboard for all metrics
- Logging: Detailed logs with tenant context
- Alerting: Budget alerts, rate limit alerts, error alerts
Comparison with Other Approachesβ
| Approach | Pros | Cons | LiteLLM Advantage |
|---|---|---|---|
| Separate instances per tenant | Strong isolation | High operational overhead, cost inefficient | Single instance, same isolation, 90% cost reduction |
| Single shared pool | Simple setup | No cost attribution, no access control | Full attribution, granular access control |
| API key prefixes | Basic separation | Manual tracking, no hierarchy, no RBAC | Automatic tracking, hierarchical, full RBAC |
| External auth layer | Flexible | Complex integration, no built-in budgets | Native integration, built-in budgets |
FAQβ
Q: Can users belong to multiple teams?
A: Yes, users can be members of multiple teams and have different keys for each team.
Q: What happens when a user leaves?
A: User-specific keys are deleted, but team service account keys remain active.
Q: Can team budgets exceed organization budget?
A: No, the system enforces that team budgets cannot exceed their organization's budget.
Q: How granular is the cost tracking?
A: Every API call is tracked with organization, team, user, and key context.
Q: Can I have teams without organizations?
A: Yes! Teams work independently in open source without needing Organizations. Organizations are an enterprise feature that adds an additional hierarchy layer on top of teams.
Q: Is there a limit to hierarchy depth?
A: The hierarchy is: Organization β Team β User β Key (4 levels). This covers most use cases.
Q: How do I migrate from flat structure to hierarchical?
A: You can gradually create organizations and teams, then move existing users/keys into them.
Related Documentationβ
- User Management Hierarchy - Visual hierarchy overview
- Access Control (RBAC) - Detailed role permissions
- Team Budgets - Budget management guide
- Virtual Keys - API key management
- Admin UI - Visual dashboard for management
Summaryβ
LiteLLM solves multi-tenant architecture challenges through:
- Hierarchical Structure: Organizations β Teams β Users β Keys
- Granular RBAC: Platform-wide and tenant-scoped roles
- Cost Attribution: Spend tracking at every level
- Delegation: Org admins and team admins self-manage
- Isolation: Strong tenant boundaries
- Scalability: Handles 10 to 10,000+ users with same architecture
Open Source vs. Enterpriseβ
Open Source (Teams + Users + Keys):
- β Teams as primary tenant boundary
- β Team admins manage their teams
- β Virtual keys with team/user tracking
- β Budget and rate limits per team
- β Spend tracking and logging
Enterprise (Adds Organizations layer):
- β¨ Organizations for top-level tenant isolation
- β¨ Organization admins manage multiple teams
- β¨ Organization-level budgets and model access
- β¨ Hierarchical delegation and reporting
This makes LiteLLM ideal for:
- β Enterprises with multiple departments
- β SaaS providers with multiple customers
- β Organizations needing cost chargeback/showback
- β Teams requiring self-service LLM access
- β Any multi-tenant LLM deployment