We’re looking at using Auth0 for a couple of upcoming projects and our previous experience was with Stormpath (now part of Okta)… I’m trying to map the approach we’ve used in the past to Auth0.
Basically, past experience was that we had a single user “directory” that had all accounts/credentials in it. We then had multiple applications/environments that used that one directory. Users inside the directory were assigned Roles so that a user could have access to one or more environments for each application. A QA person might get app A’s Test environment, B-Test, C-Test, etc… devs might get A-Dev, A-Test, B-Dev, B-Test, etc… customers get A-Prod, or B-Prod, and so on.
The key was that we had just the one directory so an account in that directory could log in and either choose which app/environment to reach, or they would be auto-directed to an app/environment by going to a specific subdomain and authenticating there… but at the end of the day, they had one set of credentials to remember and all of those were in the single directory.
We’ve read the docs and it’s not 100% clear how to map this to Auth0… it doesn’t look like a “tenant” is a directory because the explanation we found in the docs is to create a tenant for each environment we need (and presumably each app/environment combination as we had more applications)… if we do that, it looks like a user may have to manage different credentials across apps/environments.
Is it possible to have a single “directory” and then use role/permissions within that to authenticate multiple apps/environments? How does the concept of a “tenant” fit into that approach? (note: ours is not a SaaS or multi-tenant application at all… this is largely an internal workflow system where we want to allow certain types of external access so we’re not just using an internal directory). Thanks.