Organization B2B limits and use case

Hi all, my team is currently designing a solution around the B2B essentials tier for our product and I was not sure about the limits/use of Organizations in our context. I wanted to briefly share the use case here and make sure that our approach is sound and the project will scale correctly long term…

We currently have a single business customer we are deploying our applications with in order to view dashboards and create various owned resources. Access to the backing datasets will need users to have object level permissions based on what internal company agency they belong to. The company agencies are more or less well defined in the dataset and might be between 1-50 depending on which departments will need to access this dataset in isolation.

Furthermore we as staff are controlling user invite/signup through the auth0 dashboard. We are not scoped to roll our own admin dashboard and do want to have User Agency relations represented on our backend if at all possible.

It seems that Organizations will fit this use case for us with a little customization:

  • We create Organizations that map 1:M with the internal agencies in our deployment
    • We use org_metadata k:v to store ids for business logic on our side.
  • Use an Action to inject org_metadata into both Id and Access token for use on frontend and API
    • This lets us store user created resources with these ids on our side without having to have representations
  • Use Org invites/ roles to bring in members and set other RBAC permissions within their Org. A user can belong to many Orgs in our case but can only access data available to the Org they are logged into.

With this approach we would rely on Auth0 Tenant to create dev and production deployments. If we expand beyond our one business customer (which we hope to do) then our idea is to simply add another production tenant with the same basic config but different Organizations, api audiences, applications etc.

My main concern is that while there is a 50 Organization limit, is that on a per Auth0 Tenant basis or across all Auth0 tenants for the tier? Will our approach above scale correctly across multiple auth0 tenants? If not, what are some alternatives?

Thanks very much for your help