Architecture Sanity Check

Hi,

We are planning on migrating our various systems to Auth0 and need a sanity check of a few things.

The types of systems we have:

  • Internal - used by staff (1 App)
  • B2B - used by trade and our staff (2 Apps)
  • B2C - used by customers and our staff (2 Apps)

So ideally we’d like to centralise all the users into a single database, and then, using roles/rules, change which systems they have permission to access (this helps a lot for the staff since we don’t have to manage the users in 5 different places).

So question 1 is: Is it recommended to keep the users in a single DB or to keep the users in separate databases, for example:

  1. Staff Database
  2. Trade Database
  3. Customer Database

The various systems are written/run on different platforms, ranging from Node through to WordPress, so considering the vast differences in the architecture of the applications, question 2: are there any early gotchas that we should be mindful of when implementing it?

Question 3: Are roles the right approach to go for restricting what the users can access? As I understand it, I’m going to have to map the roles/permissions from Auth0 back to the individual applications’ roles and line them up that way?

Thanks in advance, and apologies for the probably dumb questions, we just want to make sure we’re approaching this the right way and don’t regret it halfway through :smiley:

Thanks
Ian

Hi all,

Does anyone have some feedback for me here please?

Thanks
Ian

Hi @ianb

I would have trouble answering your questions in a 1-page post. I’d need to know a LOT more about the different kinds of users, where they are stored, how they are validated. There are TONS of gotchas to be mindful of; without knowing details, it is hard to begin.

Roles are great for defining access, but they have limitations. I’d need to know a lot about the permission framework you need, how you are restricting access etc.

Sorry for this reply - I wanted you to know that these general questions are really hard to respond to. If you are with a company, I’d recommend the Auth0 Professional Services health check offering for this.

John

Regarding roles, you will have more of them for staff, especially to implement separation of duties (SOD). For B2B, are you planning to have any delegated administration among the trades? For example, if you configure Auth0 orgs for each of the trades, you may have one or a few roles. For customers, that would be the role. These are just some cursory thoughts - as John mentioned, a session with experts will help you get to the strategy with all details taken into account. Please let me know if I can assist further or under a statement of work.

Hi,

Thanks for the feedback.

The route we ended up taking is to combine all users into a single DB and then assign Roles to each user that has access to certain systems. Then, within those systems, we created some logic to determine which roles are permitted for login. Seems to be working well for us! And we get the benefit of a single user to manage on Auth0 as well :slight_smile:

Thanks all
Ian
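As an added example (not Ian’s code or anything posted in this thread), here is how the “single user DB plus per-application role check” approach described above could be expressed as an Auth0 post-login Action. The client IDs and role names are hypothetical placeholders, and the `event.client.client_id`, `event.authorization.roles` and `api.access.deny()` names are assumed from the Actions post-login trigger shape.

```javascript
// Constructed example: one user database, roles assigned per user, and each
// application only admits users holding a role permitted for that application.
// Assumed Actions shape: event.client.client_id, event.authorization.roles,
// api.access.deny(reason). Client IDs and role names below are placeholders.

// Hypothetical mapping for the five applications in the thread:
// one internal app (staff only), two B2B apps (staff + trade),
// two B2C apps (staff + customer).
const ALLOWED_ROLES_BY_CLIENT = {
  CLIENT_ID_INTERNAL_PLACEHOLDER: ["staff"],
  CLIENT_ID_B2B_1_PLACEHOLDER: ["staff", "trade"],
  CLIENT_ID_B2B_2_PLACEHOLDER: ["staff", "trade"],
  CLIENT_ID_B2C_1_PLACEHOLDER: ["staff", "customer"],
  CLIENT_ID_B2C_2_PLACEHOLDER: ["staff", "customer"],
};

// Pure decision function, kept free of Auth0 API calls so it can be tested
// offline. Returns { allow: true, matchedRoles } or { allow: false, reason }.
function decideAccess(clientId, roles) {
  const allowed = ALLOWED_ROLES_BY_CLIENT[clientId];
  if (!allowed) {
    // Fail closed: an application missing from the map admits nobody,
    // rather than everybody, so a forgotten entry is noticed quickly.
    return { allow: false, reason: "application not registered for role-based login" };
  }
  // A user with no roles assigned (undefined or empty) is treated as having none.
  const userRoles = Array.isArray(roles) ? roles : [];
  const matched = userRoles.filter((role) => allowed.includes(role));
  if (matched.length === 0) {
    return { allow: false, reason: "no assigned role permits login to this application" };
  }
  return { allow: true, matchedRoles: matched };
}

// Post-login Action entry point. Auth0 expects this to be exported as
// exports.onExecutePostLogin; it is left as a plain function here so the
// file also runs stand-alone.
async function onExecutePostLogin(event, api) {
  const roles = event.authorization ? event.authorization.roles : undefined;
  const decision = decideAccess(event.client.client_id, roles);
  if (!decision.allow) {
    api.access.deny(decision.reason);
  }
}
```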

Thanks for sharing it with the rest of community!