zitadel different user bubbles with overlap
π¬Self-hostedβQuestionβUnsolved
hey i have a bit of a weird/niche usecase and i'm wondering if zitadel can handle it
i need sso provider (and wana setup zitadel for it) to handle a bunch of services that broadly fall into different categories
- private internal staff services
- customer dashboard/billing
- semi-public services (access to anyone but account required to limit spam and malicious actors)
the private staff stuff should have far stricter security requirements then the rest for obvious reasons.
for the customer dashboard/billing we need the user to be known/logged in with another external oauth resource so we know who they are on the platform
now these customers could and might also use some of the semi-public services and it would be nice if these accounts could be "linked" so there's only a single sso account for these users. would also be nice if internal staff could impersonate
also 2 and 3 would be running on the same root domain.
is this possible at all? should i have all these in a single org or should these be 3 different orgs with users signing in/out as needed to move between them?
i need sso provider (and wana setup zitadel for it) to handle a bunch of services that broadly fall into different categories
- private internal staff services
- customer dashboard/billing
- semi-public services (access to anyone but account required to limit spam and malicious actors)
the private staff stuff should have far stricter security requirements then the rest for obvious reasons.
for the customer dashboard/billing we need the user to be known/logged in with another external oauth resource so we know who they are on the platform
now these customers could and might also use some of the semi-public services and it would be nice if these accounts could be "linked" so there's only a single sso account for these users. would also be nice if internal staff could impersonate
also 2 and 3 would be running on the same root domain.
is this possible at all? should i have all these in a single org or should these be 3 different orgs with users signing in/out as needed to move between them?
