Per-installation segregation

Hi, our current B2B application architecture has a model where every customer gets a single-tenant hosted installation of our service:

  • We create dedicated subdomains for each user organization (e.g. https://auth0.blameless.io)
  • We have domain-based rules that allow users to create accounts on their own apps (@blameless.io emails can automatically sign into blameless.blameless.io)
  • We prevent free account creation and don’t have a flow beyond paid installations
  • Each installation has its own service interacting with Auth0 and could provide different credentials

I was wondering, based on this setup: how can we segregate the rules on a per-installation basis, and how do we isolate the access that each installation gets while still using a single Auth0 setup for easier management?

Thanks!

Hi @santi, just checking this now.
Not sure if this is too obvious, but would checking the client_id on each rule help for this scenario? You’d have to check for a certain client_id on the rules that you’ll be using, and then that rule will be triggered (or not) for that specific client.

If that does not work/help, please let me know, expand the case a little bit more, and I’ll try to help you out with another solution.
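
One way to apply the client_id check suggested above, as an added example that is not part of the original thread or Auth0's own code: a single rule, written with the Auth0 rule signature, that ties each installation's application to one email domain and fails closed for anything else. The client IDs, domains, and the `INSTALLATIONS` map are constructed placeholders; it assumes one Auth0 application per installation.

```javascript
// Constructed mapping: Auth0 application client_id -> the one email domain
// allowed to sign in to that installation. All values are placeholders.
const INSTALLATIONS = new Map([
  ['CLIENT_ID_BLAMELESS', 'blameless.io'],
  ['CLIENT_ID_EXAMPLE', 'example.com'],
]);

// Same signature as an Auth0 rule: (user, context, callback).
function perInstallationRule(user, context, callback) {
  // The Auth0 rule sandbox provides UnauthorizedError; fall back to Error elsewhere.
  const Deny = typeof UnauthorizedError !== 'undefined' ? UnauthorizedError : Error;

  // Fail closed: an application without an entry gets no access at all.
  const allowedDomain = INSTALLATIONS.get(context.clientID);
  if (!allowedDomain) {
    return callback(new Deny('Application is not a registered installation.'));
  }

  // Domain-based access is only meaningful for a verified address.
  if (!user.email_verified) {
    return callback(new Deny('Email address must be verified.'));
  }

  // Exact match on the part after the last "@"; a suffix match would also
  // accept lookalikes such as "evilblameless.io".
  const email = typeof user.email === 'string' ? user.email : '';
  const at = email.lastIndexOf('@');
  const domain = at > 0 ? email.slice(at + 1).toLowerCase() : '';
  if (domain !== allowedDomain) {
    return callback(new Deny('Account does not belong to this installation.'));
  }

  return callback(null, user, context);
}
```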