We have implemented multi-tenancy like this:
- If you use multiple clients, you will need to create these and databases (Auth0 or custom) dynamically, retrieve and store all the various keys and IDs, then connect to individual tenants using this information. I don’t think this overhead is necessary and believe 1 database and 1 client will be best. In recent times, creating new clients conforms to different standards; for instance, clients created after a certain date behave differently (without notification), so you may find that your integration breaks without warning. For this reason I would also stick to 1 client.
- I don’t think there is a limit on the number of Auth0 databases/connections? It may be an additional cost to run your own/custom database; not sure of the overhead and cost for that.
- When user info is retrieved, you will need to pull/translate any metadata into claims using a “rule” on your Auth0 account. We store the basic things like TenantId, Role etc., return these as claims, then within our app manage additional/internal claims based on roles. If you are using this for single sign-on, you may need to store all your claims in the metadata to share with other apps.
Impersonation is a handy feature, but I’m not sure how that works across clients.
Hope this helps.
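The “rule” step described above, as an added example that is not the poster’s code: an Auth0 rule in the classic `function (user, context, callback)` shape that copies a tenant ID and role list from `user.app_metadata` into namespaced custom claims on the ID and access tokens, and refuses to issue tokens for a user with no tenant assigned. The namespace URL, the `app_metadata` key names (`tenant_id`, `roles`), the sample users and the local `runRule` harness are all assumptions constructed for this example; inside Auth0 the rule function alone is what you would paste in. Tenant and role are read from `app_metadata` rather than `user_metadata` because only the former is off-limits to the user themselves.

```javascript
// Assumed namespace for custom claims (Auth0 requires non-standard claims
// to be namespaced with a URL so they cannot collide with OIDC claims).
const NAMESPACE = 'https://example.com/';

// The rule itself, in the shape Auth0 invokes: copies tenant_id and roles
// from app_metadata (server-controlled, not user-editable) into both tokens.
function addTenantClaims(user, context, callback) {
  const meta = user.app_metadata || {};

  // Fail closed: a user with no tenant must not receive a token at all.
  // In a real Auth0 rule you would raise UnauthorizedError here.
  if (typeof meta.tenant_id !== 'string' || meta.tenant_id === '') {
    return callback(new Error('user has no tenant_id in app_metadata'));
  }

  // Only accept an array of strings as roles; anything else becomes "no roles".
  const roles = Array.isArray(meta.roles)
    ? meta.roles.filter((r) => typeof r === 'string')
    : [];

  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  for (const token of [context.idToken, context.accessToken]) {
    token[NAMESPACE + 'tenant_id'] = meta.tenant_id;
    token[NAMESPACE + 'roles'] = roles;
  }
  return callback(null, user, context);
}

// Local harness (constructed for this example): mimics Auth0 calling the rule
// and returns either the resulting claims or the error message, so the rule's
// behaviour can be checked offline without an Auth0 tenant.
function runRule(user) {
  const context = { idToken: {}, accessToken: {} };
  let result;
  addTenantClaims(user, context, (err, _u, ctx) => {
    result = err
      ? { error: err.message }
      : { idClaims: ctx.idToken, accessClaims: ctx.accessToken };
  });
  return result;
}

// Constructed sample users: one properly provisioned, one with no tenant.
const provisionedUser = {
  user_id: 'auth0|sample-alice',
  email: 'alice@example.com',
  app_metadata: { tenant_id: 'acme', roles: ['admin', 'billing'] },
};
const orphanUser = {
  user_id: 'auth0|sample-bob',
  email: 'bob@example.com',
  app_metadata: {},
};

console.log(JSON.stringify(runRule(provisionedUser), null, 2));
console.log(JSON.stringify(runRule(orphanUser), null, 2));
```

The application then reads `https://example.com/tenant_id` from the validated token to scope every database query, and derives its internal permissions from the `roles` claim rather than trusting anything the client sends.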