We’re currently in the planning stages of our build process for an app that will serve three main categories of users.
Some general notes about what we’re working on:
- It’ll be built using node (express) and react.
- The app will be a dashboard that has similar features to what you’d expect in any CRM tool. This tool will have two categories of users: internal users and external organization users.
- There will be a consumer-facing website which connects to a public API to submit leads to this CRM. This system is not going to have a ‘user context’ whatsoever - people will land on the site, fill out a form, and an AJAX call will occur, sending data directly from the client to the CRM. There will be no intermediary server with a machine-to-machine access token communicating to this API, so we may bypass Auth0 entirely for this portion.
Here’s what we need the app to support:
- The app will service internal employees of the primary organization. They can log in and have access to whatever actions / views they need to in order to do their job.
- There will be a second category of users: outside organizations. These organizations will have their own users, which have limited access to the app. They’ll all be logging in from the same URL, no custom branding or anything like that.
- We need to have an interface in place within our app for the admin of external organizations to manage the users of their organization, and only their users.
- We need to have an interface in place for the admin of the primary organization to be able to manage all organizations and all users of all organizations.
- Users can only belong to one organization, but admin users of the primary organization can see all users and all organizations and manage them.
We are trying to determine what the best way of segmenting users is, in this scenario, with Auth0.
- Do all users of all organizations end up in the same database store in Auth0, or do we have to dynamically set up individual database stores in Auth0 for each organization?
- What is the best practice here for defining and segmenting which organization a user belongs to? Is it by tagging users with metadata on signup? How do we do this in a way that cannot be altered?
- We will need to have our own database in place to keep a record of all organizations. How is this typically ‘hooked up’ to Auth0 in a way where we can identify all users of any particular organization? Specifically: are we setting up metadata on a user account on signup, and ensuring that metadata value matches a value we have in our database?
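Added example, not part of the original post: one way to enforce the organization-scoping rules described above inside the Express API. It assumes an Auth0 Action has copied an organization id from `app_metadata` into a namespaced custom claim on the access token, that token signature and expiry were already verified upstream (e.g. by Auth0's `express-oauth2-jwt-bearer`, which exposes the decoded payload as `req.auth.payload`), and that the organizations table lives in the app's own database; the claim names, the `ORGS` sample table and role values are constructed assumptions.

```javascript
// Org-scoping checks for the Express API, written as pure functions so the
// authorization rule can be tested offline without Auth0 or a database.
const ORG_CLAIM = "https://example.com/org_id";   // hypothetical namespace
const ROLE_CLAIM = "https://example.com/roles";   // hypothetical namespace

// Constructed sample of the app's own organizations table.
// `primary` marks the owning organization whose admins see everything.
const ORGS = new Map([
  ["org_primary", { name: "Primary Org", primary: true }],
  ["org_acme",    { name: "Acme Ltd",    primary: false }],
  ["org_globex",  { name: "Globex",      primary: false }],
]);

// Resolve the caller's organization from the token and confirm it exists in
// our own table. A missing or unknown org claim is rejected outright: it must
// never fall through to some default tenant.
function resolveActor(claims, orgs = ORGS) {
  const orgId = claims[ORG_CLAIM];
  if (typeof orgId !== "string" || !orgs.has(orgId)) {
    throw new Error("token has no valid organization claim");
  }
  const roles = Array.isArray(claims[ROLE_CLAIM]) ? claims[ROLE_CLAIM] : [];
  return {
    sub: claims.sub,
    orgId,
    isAdmin: roles.includes("admin"),
    isPrimary: orgs.get(orgId).primary,
  };
}

// The rule from the post: an external-org admin manages only users of their
// own org; a primary-org admin manages every org; non-admins manage nobody.
function canManageUser(actor, targetOrgId) {
  if (!actor.isAdmin) return false;
  if (actor.isPrimary) return true;
  return actor.orgId === targetOrgId;
}

// Deny-by-default Express middleware. `getTargetOrgId` extracts the org the
// request is trying to touch (route param, or the looked-up target user's org).
function requireOrgAccess(getTargetOrgId) {
  return (req, res, next) => {
    let actor;
    try { actor = resolveActor(req.auth.payload); } catch { return res.status(401).end(); }
    if (!canManageUser(actor, getTargetOrgId(req))) return res.status(403).end();
    req.actor = actor;   // downstream handlers filter queries by req.actor.orgId
    next();
  };
}
```

Auth0's `app_metadata`, unlike `user_metadata`, cannot be changed by the user themselves, which is why the example takes the organization from a claim derived from it rather than from `user_metadata` or the request body.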