Kubilay
ZITADEL · 4w ago · 5 replies

Multi-tenant org structure with different projects and want to have one common app to login and auth

Unsolved · Question
We are trying to use Zitadel for our multi-tenant project. Details are as below:
- There will be many customers (companies) to use our application.
- In the application, we create separate organizations for each customer.
- Each customer will have different projects based on their requirements.
- Customers will have their own users. Each user will be created under its organization.
- There will be roles for projects. Indeed, all roles for all projects are the same.
- A user can be assigned to different projects with organization with different roles. For example, user-A can be "role-1" in project-1, whereas they can have "role-2" and "role-3" on project-2.
- Each project can have different users with different roles. For example, project-1 can have user-A with role-1 and user-B can have role-2, role-5, role-6, etc.
- Even though there are many organizations (customers), all users will log in by using Zitadel.
- We want to keep the organization structure and projects in Zitadel.
- Users will log in using Zitadel, and Zitadel will return the access token and also roles.
- We don't want to create separate apps for each project in Zitadel.
- We want one app somewhere in Zitadel. When a user logs in with email, Zitadel will understand which org, then will return the user's projects and roles accordingly.
- How can we implement this in Zitadel?

- So far we defined one org to use as a reference org. We created one project under it and an app under this project. It is a web app.
- For other customers, we created separate organizations. Can be hundreds of organizations like this.
- Each organization will have its own project or projects.
- When a user logs in, the access token and ID token return only roles under the project where the application exists. But this project is just an entry point. No users and no roles here.