Use case scenario with internal and external users - how to set up?
We are launching a collaboration platform where we are using organisations to separate user domains (which are SMB companies, usually). For the different apps in the platform (like docs, mail etc.) we configured one app, so we share the client_id to make SSO possible (log in once for one app, authenticated for the others).
Q1: is this a correct way of doing this?
We create the internal users as users in the organisation. They (usually) share the same domain name, like in Google Workspace or O365. This works fine, and we can also use Zitadel as a source for internal users / SCIM / or autocomplete lists on sharing dialogs.
But I also 'need' to create external users. People that are invited to collaborate on a document. I want them to authenticate with that same app, but I want them separated as 'users' (so they don't show up in those lists). And, preferably, cannot use the other apps.
Q2: this seems impossible since we have 1 client_id for all apps - but maybe there are other ways with roles?
The fact that we can manage internal and external users for a domain is actually powerful, but we struggle in separation. Any experiences on this? Or trade-offs that we can think of?