systemdebt

Reputation: 4951

Using common user pool for multi-tenancy when a user can be in multiple tenants

Some tenants will need their users to log in using corporate identities. I would prefer to use a single user pool for all tenants. Since the same user can be in multiple tenants, how do we identify which corporate identity to use to log the user in?

Upvotes: 0

Views: 401

Answers (1)

Saravanan

Reputation: 7844

We can set up the authentication type or mode for each tenant in the tenant metadata. Ex: Tenant1: CustomAuthentication, Tenant2: Azure AD, Tenant3: On-Prem LDAP, etc.

In this case, when the user enters his email address or chooses a tenant (through a tenant dropdown, a tenant-specific URL, etc.), we pick the right authentication mode and then do the redirection accordingly. On receipt of the valid authentication, we do a cross-check in the user pool and then allow the user to access the application based on his rights configured through Roles & Privileges.

This way, our Tenants and Tenant Users are all in a shared / common pool, and the application data can be isolated to a different data store as such.

Upvotes: 1
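The flow described in the answer above, as an added example that is not part of the original answer: the tenant metadata selects the authentication mode, and after the identity provider returns, the identity is cross-checked against the shared user pool for that specific tenant. The tenant ids, mode labels, users and the `Assertion` type are constructed for illustration, and the assertion is assumed to have been signature-verified already.

```python
from dataclasses import dataclass

# Constructed sample data: tenant metadata maps each tenant to one auth mode.
TENANT_AUTH_MODE = {
    "tenant1": "custom",
    "tenant2": "azure_ad",
    "tenant3": "onprem_ldap",
}

# Shared user pool: one record per user, with roles stored per tenant.
USER_POOL = {
    "alice@example.com": {"tenant1": {"admin"}, "tenant2": {"viewer"}},
    "bob@example.com": {"tenant3": {"editor"}},
}


class AccessDenied(Exception):
    pass


@dataclass(frozen=True)
class Assertion:
    """Result of a completed login (hypothetical type, assumed verified)."""
    email: str
    issuer_mode: str  # which authentication mode actually vouched for the user


def auth_mode_for(tenant_id):
    """Step 1: choose where to redirect from tenant metadata only."""
    if tenant_id not in TENANT_AUTH_MODE:
        raise AccessDenied("unknown tenant")
    return TENANT_AUTH_MODE[tenant_id]


def authorize(tenant_id, assertion):
    """Step 2: cross-check the authenticated identity in the shared pool."""
    # A user in several tenants must log in through the mode configured for
    # the tenant being entered; a login via another tenant's mode is rejected.
    if assertion.issuer_mode != auth_mode_for(tenant_id):
        raise AccessDenied("identity provider does not match tenant")
    roles = USER_POOL.get(assertion.email.lower(), {}).get(tenant_id)
    if not roles:
        raise AccessDenied("user is not a member of this tenant")
    return set(roles)  # roles apply to this tenant's session only
```

The returned roles are scoped to the tenant that was requested, so the session should carry the tenant id alongside them.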
