Building a milti-tenant SaaS application on top of Auth0, I see that you can have a single user pool, but then create an organisation for each tenant in the SaaS application, which you can assign users to, and also assign the same user to many organisations.
Using this approach you can obtain a token which has the users current organisation embedded in which allows for a single trusted token to hold the current user-tenant mapping for their session.
This means though that each user has to be mapped into each organisation so they can obtain a token for that organisation.
The SaaS support users will need to have access to all organisations and it seems unfeasable to add the support user into each organisation, especially if you have 10,000+ organisations.
Is there any way to allow specific users access to any organisations without them being part of that organisation?
1 Like