We are planning on migrating our various systems to Auth0 and need a sanity check of a few things.
The types of systems we have:
- Internal - used by staff (1 App)
- B2B - used by trade and our staff (2 Apps)
- B2C - used by customers and our staff (2 Apps)
So ideally we’d like to centralise all the users into a single database, and then, using roles/rules, change what systems they have permission to (this helps a lot for the staff since we don’t have to manage the users in 5 different places).
So question 1 is: Is it recommended to keep the users in a single DB or to keep the users in separate databases, for example:
- Staff Database
- Trade Database
- Customer Database
The various systems are written/run on different platforms, ranging from Node through to WordPress, so considering the vast differences in the architecture of the applications, question 2: are there any early gotchas that we should be mindful of when implementing it?
Question 3: Are roles the right approach to go for restricting what the users can access? As I understand it, I’m going to have to map the roles/permissions from Auth0 back to the individual applications’ roles and line them up that way?
Thanks in advance, and apologies for the probably dumb questions; we just want to make sure we’re approaching this the right way and don’t regret it halfway through.
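As an added example (not from the original post or from Auth0's own documentation), here is one way the role-to-application mapping asked about in question 3 can live in a single Auth0 post-login Action: each application gets a list of roles that may sign in to it, users without a matching role are denied before a token is issued, and only the roles relevant to that application are exposed to it as a namespaced claim. The client IDs, role names and claim namespace below are placeholders; the `event`/`api` objects are the ones Auth0 passes to a Login-flow Action.

```javascript
// Placeholder claim namespace (assumption); Auth0 requires custom claims to be namespaced.
const CLAIM_NAMESPACE = "https://example.com/claims/";

// Which Auth0 roles may sign in to which application (client_id -> roles).
// Client IDs are placeholders standing in for the five apps in the post.
const APP_ACCESS = {
  CLIENT_ID_INTERNAL: ["staff"],
  CLIENT_ID_B2B_PORTAL: ["staff", "trade"],
  CLIENT_ID_B2B_ORDERS: ["staff", "trade"],
  CLIENT_ID_B2C_SHOP: ["staff", "customer"],
  CLIENT_ID_B2C_ACCOUNT: ["staff", "customer"],
};

// Pure decision function, kept separate from Auth0 so it can be unit-tested.
// Returns { allow, roles } where roles are only those relevant to this app.
function decideAccess(clientId, userRoles) {
  const allowedRoles = APP_ACCESS[clientId];
  if (!allowedRoles) return { allow: false, roles: [] }; // unknown app: deny by default
  const roles = userRoles.filter((r) => allowedRoles.includes(r));
  return { allow: roles.length > 0, roles };
}

// Applies a decision through the Auth0 Actions `api` object (synchronous so it is testable).
function applyDecision(decision, api) {
  if (!decision.allow) {
    // Login stops here; the application never receives a token for this user.
    api.access.deny("You do not have access to this application.");
    return false;
  }
  // The app maps this claim onto its own local roles instead of querying Auth0.
  api.idToken.setCustomClaim(CLAIM_NAMESPACE + "roles", decision.roles);
  api.accessToken.setCustomClaim(CLAIM_NAMESPACE + "roles", decision.roles);
  return true;
}

// Auth0 Login-flow Action entry point. event.authorization.roles holds the roles
// assigned in Auth0's RBAC; event.client.client_id identifies the calling application.
async function onExecutePostLogin(event, api) {
  const userRoles = (event.authorization && event.authorization.roles) || [];
  applyDecision(decideAccess(event.client.client_id, userRoles), api);
}

// Auth0 loads Actions as CommonJS modules; the guard only keeps the file runnable elsewhere.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

On the application side, a Node or WordPress app then reads the `roles` claim from the validated token and maps `staff`/`trade`/`customer` onto its own local roles.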