I am currently building a single-tenant, on-premise application for a number of customers.
The idea is currently to give each tenant their own auth0 client and database, where I have ownership of the auth0 account.
It is a requirement that users should not be able to sign up, but user admins within a tenant application will have their own user management module, where they can CRUD users.
My first idea was to use the Management API (https://auth0.com/docs/api/management/v2) to allow for user management, but on further inspection it seems like the management module only works across all connections.
Even if I put logic into the tenant server so that a user will not be able to CRUD users outside his/her own tenant, it seems very insecure that the on-premise server has the client credentials to read all users across all tenants.
Any idea how to solve my problem?