We have a multi-tenant SaaS application which we would like to migrate to Auth0 if it is a good fit.
When a company signs up, a tenant is created for them with the sign-up user as the first user (and admin) in the tenant. The admin can then add other users for the company. We know the tenant for a session based on the user ID.
I am trying to envision how Auth0 would work for us:
- So for my signup screen, I would likely use Lock with additional fields for Phone and Company name, plus turn off allowLogin. When the user is created, we would create a tenant ID for them and store a mapping of Auth0 ID to tenant ID in our local DB.
- For the login screen, I would turn off allowSignup, as this would just be for employees of the tenant who had an account created for them by the admin.
- In my user management screen, the admin would enter a user's information (including email), and we would use the API to create that user. Once the user is created in Auth0, we would then assign them a tenant mapping in our local user table.
- When a user authenticates, I would be able to determine the tenant by looking up the user in our table, which is the same way I am currently doing it.
- Does this flow make sense? Improvements?
- It seems in this example, I am essentially handling the tenancy myself. Is there a way to get Auth0 to handle tenancy within my application?
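
The local mapping described in the post above, as an added example that is not part of the original post and not Auth0's own code: the tenant is always derived server-side from the authenticated user ID, and a user created by an admin inherits that admin's tenant. The table name, function names and sample IDs are hypothetical, and the Auth0 user-creation call itself is assumed to have already happened.

```python
import sqlite3
import uuid

def open_db():
    """In-memory stand-in for the local user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE user_tenant (
        auth0_id  TEXT PRIMARY KEY,   -- one tenant per identity, no remapping
        tenant_id TEXT NOT NULL,
        is_admin  INTEGER NOT NULL DEFAULT 0)""")
    return db

def signup_company(db, auth0_id):
    """Sign-up path: create a tenant; the sign-up user is its first admin."""
    tenant_id = uuid.uuid4().hex
    db.execute("INSERT INTO user_tenant VALUES (?, ?, 1)", (auth0_id, tenant_id))
    return tenant_id

def resolve_tenant(db, auth0_id):
    """Login path: auth0_id must come from an already verified token.
    The tenant is read from the mapping, never from client-supplied input."""
    row = db.execute(
        "SELECT tenant_id, is_admin FROM user_tenant WHERE auth0_id = ?",
        (auth0_id,)).fetchone()
    if row is None:
        # Authenticated in Auth0 but unknown locally: deny, do not default.
        raise PermissionError("authenticated user has no tenant mapping")
    return row[0], bool(row[1])

def admin_add_user(db, admin_auth0_id, new_auth0_id):
    """User-management path. new_auth0_id is the ID returned once the user
    has been created in Auth0 (that call is assumed and not shown here)."""
    tenant_id, is_admin = resolve_tenant(db, admin_auth0_id)
    if not is_admin:
        raise PermissionError("only a tenant admin may add users")
    # The new user inherits the admin's tenant; the admin cannot choose one.
    db.execute("INSERT INTO user_tenant VALUES (?, ?, 0)", (new_auth0_id, tenant_id))
    return tenant_id
```

The primary key on `auth0_id` means an attempt to map an existing identity into a second tenant fails with `sqlite3.IntegrityError` instead of silently moving the user.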