Single Auth0, multi-tenant with 3rd party applications

We are evaluating Auth0 to replace our own user management solution. We will not offer SSO using external providers, and we issue users with username/password. We have multiple external applications with a single client id + secret, and each tenant consents on a tenant level for that external application to integrate with our public API. We host a multi-tenant SaaS application.

We fail to see the configuration design (or even support) for such a replacement using Auth0. We’ve gone so far as to use metadata to create the single Auth0 with multiple users; however, the consent flow then allows cross-tenant access.

We were happy to see the feedback as per Providing 3rd party integrations within a Multi-tenant environment using applications, yet no solution is posted.

Does anyone have a design pattern for how Auth0 can attain this?

Hi @cloudfy

We certainly support 3rd party apps: here are a few links to get you started:

A couple of things:
Each 3rd party app should have its own client ID and secret, the id/secret should not be shared among your “multiple external applications”.
You should never “issue users with username/password”. It is much better to issue users a username, and let them choose their own password.

John

1 Like

Hi John,

Thanks for the reply. None of the articles explain how to drive this in a single-Auth0 environment with multiple tenants. We did enable 3rd party applications, yet on consent we either have to drive consent only on the user level (which is not our case), or create a single 3rd party application per tenant, making the administration of 3rd party client id + secret a mess.

Can you advise?

Hi @cloudfy

I am not following - tenant has too many meanings.

Can you clarify - are you talking about users existing in multiple Auth0 tenants?
Or a single Auth0 tenant hosting multiple client tenants?

And where does consent come in to this?

John

1 Like

Hi John -

A tenant for us is a customer, typically split by a domain name like microsoft.com, google.com or mycompany.com. We create users within Auth0 (single database, single Auth0), splitting each of these customers. That is multitenancy. They log in with username/password (stored in Auth0).

We want to use Auth0 to create application credentials for an OAuth client credentials flow. Each application would require any ISV to create a company and register the application. That would include tenant myisv.com.

So that mycompany.com can consent to have myisv.com’s application enabled.

If you read the old conversation other users have been searching for the same approach.
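The design described in this post (one Auth0 database, customers split by domain, ISV applications using the client credentials flow, and consent granted per customer rather than per user) can be enforced at the public API boundary regardless of how consent is recorded in Auth0. The following is an added example, not code from this thread or from Auth0: it keeps a per-tenant consent registry and rejects any client-credentials token whose calling application the target tenant has not consented to, which is exactly the cross-tenant access the original question is concerned about. The `gty` and `azp` claim names, the tenant domains and the client ids are assumptions made up for the example; the token is assumed to have been signature- and expiry-validated upstream.

```python
from dataclasses import dataclass


class ConsentRegistry:
    """Tenant-level consent: which 3rd party client_ids each customer
    (tenant domain) has approved. Backing store is left abstract; here
    it is an in-memory dict for the example."""

    def __init__(self, initial=None):
        # tenant domain -> set of consented client_ids (copied so callers
        # cannot mutate the registry behind its back)
        self._consents = {t: set(c) for t, c in (initial or {}).items()}

    def grant(self, tenant: str, client_id: str) -> None:
        # An administrator of `tenant` approves the ISV application once,
        # for every user in that tenant.
        self._consents.setdefault(tenant, set()).add(client_id)

    def revoke(self, tenant: str, client_id: str) -> None:
        self._consents.get(tenant, set()).discard(client_id)

    def known_tenant(self, tenant: str) -> bool:
        return tenant in self._consents

    def has_consented(self, tenant: str, client_id: str) -> bool:
        return client_id in self._consents.get(tenant, set())


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize_tenant_access(claims: dict, tenant: str, registry: ConsentRegistry) -> Decision:
    """Consent check for a machine-to-machine call against `tenant`'s data.

    `claims` are the already-validated access-token claims. Assumed claim
    layout (hypothetical): `gty` = "client-credentials" marks a client
    credentials grant, and `azp` carries the calling application's client_id.
    The tenant comes from the requested resource, never from the token, so a
    consented ISV app cannot reach a customer that did not approve it.
    """
    if claims.get("gty") != "client-credentials":
        return Decision(False, "not a client-credentials token")
    client_id = claims.get("azp")
    if not client_id:
        return Decision(False, "token does not identify the calling application")
    if not registry.known_tenant(tenant):
        return Decision(False, f"unknown tenant {tenant}")
    if not registry.has_consented(tenant, client_id):
        return Decision(False, f"tenant {tenant} has not consented to {client_id}")
    return Decision(True, "ok")


def build_example_registry() -> ConsentRegistry:
    # Constructed data: mycompany.com has approved the (made-up) ISV app,
    # microsoft.com exists but has approved nothing.
    reg = ConsentRegistry({"microsoft.com": set()})
    reg.grant("mycompany.com", "isv_app_client_id")
    return reg


if __name__ == "__main__":
    reg = build_example_registry()
    token = {"gty": "client-credentials", "azp": "isv_app_client_id"}
    for tenant in ("mycompany.com", "microsoft.com", "google.com"):
        print(tenant, authorize_tenant_access(token, tenant, reg))
```

The point of the design is the separation of concerns: Auth0 issues the ISV one client id + secret, the customer's administrator records consent once for the whole tenant, and the API derives the tenant from the resource being accessed rather than trusting the caller to name it. Revoking consent takes effect on the next request without touching the ISV's credentials.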

Hi @cloudfy

Given that you are evaluating Auth0: please contact your Auth0 sales team and talk to them about this. You’ll get a clearer answer working with them than doing it via the Community.

John