I’m building a multi-tenanted application whereby each customer will have their own identity provider (typically Azure AD) and maybe 10-20 users. I followed the first suggestion in this blog post: Multi-Tenant Applications Best Practices, i.e. I have one application in Auth0, with one Enterprise Connection per tenant.
However the Auth0 pricing suggests that even the highest paid tier (other than B2E, which doesn’t list the specifics) allows only a maximum of 3 enterprise connections. This seems kind of arbitrary given I only have a limited number of users which span across the customers. Am I misunderstanding this limitation? It makes the blog post above a non-solution. Am I understanding correctly that if I wanted to have more than 3 connections I would need to purchase a custom B2E plan which would potentially be thousands of dollars per month?
If that’s the case is there a better way to deal with multi-tenancy other than creating multiple Auth0 tenants (that sounds difficult to manage)? Considering migrating to something like Azure B2C but just want to understand my options with Auth0.
I’m afraid you are indeed limited to 3 separate Enterprise connections unless moving to an Enterprise plan currently.
However, if you are on a B2B plan you can make use of Organizations, this is a recently added feature that allows you to separate your user base and manage them - whilst this would be still limited to 3 enterprise connections, it does make managing users from different customers easier within either a shared connection or separate connections (Database or Social for example).
If you only have 10-20 users per customer, I believe a Database connection (or one per customer) combined with the Organizations feature would be a better fit for your use case within Auth0. Alternatively, if your customers can support an OAuth flow, you could use custom social connections instead of/alongside Database connections.
Thanks @sgo for the clarification. Our customers have their own Azure AD (Office 365) tenants and we want them to have single sign-on with their work emails, so Database users and Social connections aren’t really an option and it’s why we wanted to use Enterprise connections.
The custom OAuth social connection sounds interesting and I wonder if that would play along with logging in against Azure AD tenants, since AAD is an OpenID provider…
At this stage though I’m investigating migrating to Azure B2C as it appears that they support unlimited OpenID external providers at no additional cost. As feedback to Auth0: I think this limit of 3 on enterprise connections is a little arbitrary and doesn’t quite scale right with everything else around your pricing model in the B2B space.