Multi-tenancy setup and user changing the email
Context: I’m building a multi-tenancy, white-label app. It's an education platform, B2B2C model. I have a platform, where creators (mentors, teachers) can prepare a course. One teacher can have multiple courses. Students can have access to just part of them, but across many organisations (tenants). There is also a student portal, where students can login, if they are invited to (like edu.example1.com, med.example2.dev). I'm using NextJS.
The issue is: users in Kinde are global (per env). So in a scenario like this:
1. User is a student in Org1 (edu.example1.com)
2. User is also a student in Org2 (med.example2.dev)
3. User would like to change the email for Org1
(!) but the email will be changed for both tenants, right? That's the problem. In my case, users should be fully separated per each tenant. Changing email/password in one instance shouldn't affect the other. Does Kinde support it? Any idea how to solve it?
3 Replies
Hi Adam,
You're right. In Kinde, users are global within an environment. So if a student is part of two organizations, any change to their email or password will apply to both. This doesn’t work well for your case where users should be fully separated per tenant.
Kinde doesn’t currently support tenant-level user separation within the same environment, but this feature is on our backlog.
Here are a few possible workarounds for now:
1. Use separate Kinde environments per tenant or tenant group, full isolation, but more to manage.
2. Require different emails per tenant, which forces separate user profiles in Kinde.
3. Use enterprise connections at the org level (available on Scale plan), users sign in directly to a specific org.
4. Custom auth layer outside Kinde, if you need strict tenant-level separation.
Would you like us to add you to the feature request so you're notified when it becomes available?
Hi,
Thanks for the quick response. You can add me to be notified
Any estimate when this feature will be production ready?
Hi Adam,
Thanks, I’ve added you to the list to be notified once this feature is available.
It’s currently in our backlog, so it might take a while, but I’ll check in with our team to see if there’s any timeline or estimate we can share. I’ll keep you posted.
Let me know if you need help exploring any of the workarounds in the meantime.
Hi Adam,
Just a quick note, I’m aware my teammate Oli has also been chatting with you about the unique user pool per org feature.
If you’d like more details or to discuss the direction of the feature further, I’d recommend continuing the conversation with Oli directly, he’ll have the most up-to-date context.
Let me know if there’s anything else I can help with in the meantime!