I’m interested in integrating Auth0 into my application. My customers themselves have a front facing portal that thousands of users login to - each of them want their own authentication options, social providers, etc.
Your multitenancy seems a natural fit for this use case. I think, based on how you are set up, each of my customers will need two tenants - one for their staff ( they might have their own Active Directory, for instance), and one for their customers. If I have 1,000 customers, this means I need 2,000 Auth0 tenants.
Am I thinking about this properly? Are there best practices around this? Also, I noticed the UI around switching tenants seems to only contemplate a handful of tenants - can you support thousands?
Hi @andrew. If you want complete independence between your customers, then separate tenants would be the way to go.
Auth0 unfortunately doesn’t currently offer a way to create individual tenants via API, so the first step still is a manual operation. Note that much of the setup (like configuring social providers) will likely involve manual setup as well. For instance, if you sell your app to Acme, and Acme wishes to use Google as a social provider, then Acme will have to set up the application on the Google side and get the app key and secret.
If you sell your application to thousands of customers and you will manage the corresponding Auth0 tenant for them, you will most likely have to automate this as much as possible (except for the initial tenant creation), so the dashboard will likely not be used except maybe for testing purposes, so the tenant switching will not be much of an issue.
You will also need to contemplate the issue of billing. Would you also handle the cost of each tenant on your customer’s behalf, or will they pay for the subscriptions? If the former, I’d encourage you to reach out to our sales team for a way to make this work as seamless as possible.
OK - so this is a big surprise - that I can’t automate tenant creation via the API. I assumed everything was possible via the API, so this is a big deal. For things like trials/demos, this might really be a problem. Any plans to automate?
As far as domain switching - we don’t plan to try to make the entire featureset of Auth0 available through our UI, that would be a daunting task. So we are going to use the UI quite a bit for things like ,say - enabling Active Directory for a customer. Given that we’d have, say, hundreds of tenants - do you see any issue with tenant switching?
OK - so this is a big surprise - that I can’t automate tenant creation via the API. I assumed everything was possible via the API, so this is a big deal. For things like trials/demos, this might really be a problem. Any plans to automate?
This is something that has come up before, and Product has their eyes on. I don’t have any hard dates to provide, but I expect this to be available at some point (most likely for enterprise subscriptions).
As far as domain switching - we don’t plan to try to make the entire featureset of Auth0 available through our UI, that would be a daunting task. So we are going to use the UI quite a bit for things like ,say - enabling Active Directory for a customer. Given that we’d have, say, hundreds of tenants - do you see any issue with tenant switching?
I haven’t honestly tried that. The switch tenant UI has a search box which should make this easier, and there’s a new version of the dashboard coming soon that will have the tenant name as part of the URL, which should also make things easier.
In any case, your scenario seems big enough to warrant some additional exploration. I’d encourage you to reach out to our sales team to discuss these thoughts and maybe loop someone from Professional Services in the conversation.