We have a situation that appears to be somewhat unique, and I’d appreciate someone taking a look! Essentially, we have an API that we’d like to offer to partners for users of their application to access, and we’d like to use Auth0 to secure the API. The trick is in the combination of requirements:
- The third-party partner application should authenticate with our API as the Tenant, not as an individual user (put another way, each Tenant will have several actual users in reality, which are managed by the partner, but our API will register all authentication and traffic as coming from the Tenant).
- Authenticating with our API should be transparent to the individual user.
Is this possible? Is this advisable? Our business relationship with our partners is conducted at the Tenant/Account level, and traffic is monitored in the same way - we have no interest in knowing anything about the individual users.