How to Implement complex B2B customer relationships

Hello,

We’re still evaluating how Auth0 could help us with Identity and Authentication. I don’t know if I’m using the terms the way Auth0 defines them but I’ll give it a go. We’d like to have our customers (B2B) be able to have a single Auth0 Identity (login) that will provide them access to all of our software solutions based on who they wish to ‘be’ at the moment. For example, Joe may have the identity Joe@notreal.com and work for both Bob’s Discount Parts and Joe’s Garage. In addition, Joe may also be a supervisor at Bob’s Discount Parts in Tulsa, an employee at Bob’s, and a supervisor at Bob’s Discount Parts in Tacoma. Each of those companies may own different software from us and we may wish to give Joe different rights depending on which capacity he wishes to act. When Joe logs into Auth0 we want him to tell us ‘which Joe’ he would like to be for the purpose of this session and include that information in the claims returned to the initiating software. Eventually, we would like our customers (businesses) to be able to also offer their customers (consumers) Auth0 logins to access SaaS cloud offerings we have that our customers (businesses) have purchased.

I’m lost trying to figure out if Organizations holds the key for how we could/would do this or if we need to create a custom data structure we would query when they log in or another solution altogether. Any nudge in the best direction would be appreciated.

Hi @glong

This is a complex setup. Auth0 can certainly do it, either via Organizations or perhaps with account linking and multiple accounts, or even just SSO. Sounds like you will have 3rd party apps (which must federate to your Auth0 tenant).

In particular, choosing “which Joe” has the potential for being used incorrectly. “Joe” is defined by credentials, and I think you are saying a single set of credentials has access to multiple applications. In this case, SSO + silent auth, with some rules customizing the access token, should give you what you need. Organizations will help organize (sorry) the B2B aspects.

I’d suggest a Professional Services engagement to architect this, due to the complexity.

John

1 Like
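Added example, not part of the thread and not Auth0's own code: one way an API behind this setup could check "which Joe" a token represents before serving a request. It assumes the login went through an Auth0 Organization, so the token carries the `org_id` claim, and that a rule adds a role list under a hypothetical namespaced claim; the tenant slugs, organization ids and payloads are constructed.

```javascript
// Added example. Input is the payload of an access token whose signature,
// issuer, audience and expiry a JWT library has already verified (not shown).
// ROLE_CLAIM is a hypothetical namespaced claim that a login rule would set.
const ROLE_CLAIM = 'https://example.invalid/org_roles';

// Constructed mapping from our tenant records to Auth0 organization ids.
const TENANT_TO_ORG = new Map([
  ['bobs-tulsa', 'org_CONSTRUCTED_TULSA'],
  ['bobs-tacoma', 'org_CONSTRUCTED_TACOMA'],
]);

// tenantSlug comes from the route being served, never from a header or body
// field the caller controls; requiredRole is fixed by the endpoint.
function authorize(claims, tenantSlug, requiredRole) {
  const expectedOrg = TENANT_TO_ORG.get(tenantSlug);
  if (expectedOrg === undefined) return { allow: false, reason: 'unknown_tenant' };

  // No org_id: the user logged in without choosing an organization.
  if (typeof claims.org_id !== 'string') {
    return { allow: false, reason: 'no_org_context' };
  }
  // Joe as Tulsa supervisor must not reach Tacoma data with the same login.
  if (claims.org_id !== expectedOrg) {
    return { allow: false, reason: 'org_mismatch' };
  }
  const roles = Array.isArray(claims[ROLE_CLAIM]) ? claims[ROLE_CLAIM] : [];
  if (!roles.includes(requiredRole)) {
    return { allow: false, reason: 'missing_role' };
  }
  return { allow: true, reason: 'ok' };
}

// Constructed sample payloads for the Joe scenario.
const joeTulsa = {
  sub: 'auth0|CONSTRUCTED_JOE',
  org_id: 'org_CONSTRUCTED_TULSA',
  [ROLE_CLAIM]: ['supervisor'],
};
const joeNoOrg = { sub: 'auth0|CONSTRUCTED_JOE', [ROLE_CLAIM]: ['supervisor'] };

console.log(authorize(joeTulsa, 'bobs-tulsa', 'supervisor'));
console.log(authorize(joeTulsa, 'bobs-tacoma', 'supervisor'));
console.log(authorize(joeNoOrg, 'bobs-tulsa', 'supervisor'));
```

The decision keys on the organization the token was issued for, so the same credentials yield a different answer per tenant without the application keeping its own "current persona" state.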

Thanks for the reply John. It’s the “Auth0 can certainly do it” part I’m trying to understand at this point. Getting to a professional services engagement would be premature since we haven’t made an actual purchase and we’re trying to understand which flavor of Auth0 we need. Are there any examples of this type of deployment (since it may be complex but it’s hardly unique) we could use in evaluating how Auth0 would do this? And yes, I’m saying a single set of credentials should allow someone to resolve access to multiple applications (all developed by us so they’ll all delegate Identity to Auth0) and should allow the logged-in user to designate the role/persona/business they wish to use. Ideally, we’d like their choice to occur as part of the login process and not require further development by us. I know 100% we could write this ourselves on top of something like Duende’s Identity server but we’d rather not. Auth0 has significant enough advantages we are sold on using it as long as we know it can do this for us without a lot of custom development. Rules/functions are fine but we don’t want to have to build something outside of Auth0 for this.