Multi-tenant app where each tenant can have user login
Hi all,
Just wondering if anyone has done this before or has some thoughts on how to approach it.
I have a need to facilitate users being able to log in across multiple tenants, ideally with independent login credentials, where they will have different permissions in each tenant. For example, User A is an admin of Tenant A but is only a user of Tenant B. The ideal scenario would be that User A is never made aware of the fact that Tenant A and Tenant B run on the same platform.
Is it possible to do this with Supabase auth or would I need to roll my own auth solution? As far as I understand it, I would not be able to segregate auth.users by tenant by adding a unique tenant_id - email constraint instead of just email being unique, but please correct me if that assumption is wrong.
7 Replies
just roll another table on top my dude... i do this:
auth.users -> on insert, create a public.user
public.users
public.organizations
public.users has an active_workspace_id
then lastly, public.org_users which keeps track of the mapping of what users belong to what organizations
This also shows how to use such a table for RLS with good performance. https://github.com/GaryAustin1/custom-properties
Maybe I wasn't clear enough, this isn't a case of just having orgs/workspaces, but more that each tenant has its own user management. A user can create an account on Tenant A, but that shouldn't mean they can't create a new account on Tenant B with a different password.
Each Tenant will have public users logging in through a custom "storefront", not just giving people in an org access to a dashboard with a workspace switcher
Basically a user with email "test@example.com" should be able to sign up with a different password for each tenant
That is not currently possible with Supabase auth.
An email is the same user as far as auth goes.
They have done some work on this though for the corporate level.
https://supabase.com/docs/guides/auth/enterprise-sso
This does allow multiple emails, but I don't think it is relevant for what you are doing.
That's a shame
I set my app up such that the users are "floating" objects. They exist on their own, and are given permissions to access a company's account. You log in using your one login account and then you have a menu to choose the company for which you're interested (and have proper permissions, obviously).