A tenant can mean a lot of things, and based on the type of application you are building these can be individual users or organizations. Regardless of the application, however, the main idea is that tenant's assets (devices, users, locations, etc.) should always be protected from unauthorized access.