Post
Hi, I’m building a multi-tenant app. Auth currently handles internal app users (workspace owners/admins).
The app also has public tenant sites with audience members who need signup/login, password reset, email verification, etc.
Key requirement: member accounts should be isolated per tenant site, not behave as a single global platform identity.
Example:
If someone signs up on tenant A’s site, they should not appear logged in on tenant B’s site, and the same email may need to register separately across tenants.
Supabase Auth seems designed around a global identity namespace (auth.users).
What’s the recommended approach here?
- Single Supabase project + custom member auth tables (sessions, credentials, etc.) while keeping Supabase Auth for internal users
- Use Supabase Auth for everything but enforce tenant-scoped login behavior
- Separate Supabase project for member auth
Preferably I’d like to keep one Supabase project/database if possible.
Has anyone implemented tenant-isolated member authentication with Supabase? Any recommended patterns or pitfalls?
Thanks in advance.
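A sketch of the first option listed in the post (custom member credential and session tables), as an added example that is not part of the original post and is not Supabase code. SQLite stands in for Postgres so it runs offline; the table names, column names and functions are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, sqlite3

# Constructed schema: every member row and every session row carries tenant_id.
SCHEMA = """
CREATE TABLE members (
  id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, email TEXT NOT NULL,
  salt BLOB NOT NULL, pw_hash BLOB NOT NULL,
  UNIQUE (tenant_id, email)      -- one account per email per tenant, not global
);
CREATE TABLE member_sessions (
  token_hash BLOB PRIMARY KEY,   -- only a hash of the bearer token is stored
  tenant_id TEXT NOT NULL, member_id INTEGER NOT NULL REFERENCES members(id)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _kdf(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def _token_hash(token):
    return hashlib.sha256(token.encode()).digest()

def signup(db, tenant_id, email, password):
    """Return the new member id, or None if this tenant already has the email."""
    salt = secrets.token_bytes(16)
    try:
        cur = db.execute("INSERT INTO members (tenant_id, email, salt, pw_hash) "
                         "VALUES (?, ?, ?, ?)",
                         (tenant_id, email.lower(), salt, _kdf(password, salt)))
    except sqlite3.IntegrityError:
        return None
    return cur.lastrowid

def login(db, tenant_id, email, password):
    """Check credentials inside one tenant only; return a session token or None."""
    row = db.execute("SELECT id, salt, pw_hash FROM members "
                     "WHERE tenant_id = ? AND email = ?",
                     (tenant_id, email.lower())).fetchone()
    if row is None or not hmac.compare_digest(row[2], _kdf(password, row[1])):
        return None
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO member_sessions VALUES (?, ?, ?)",
               (_token_hash(token), tenant_id, row[0]))
    return token

def member_for(db, tenant_id, token):
    """Resolve a session only for the tenant site that is serving the request."""
    row = db.execute("SELECT member_id FROM member_sessions WHERE token_hash = ? "
                     "AND tenant_id = ?", (_token_hash(token), tenant_id)).fetchone()
    return row[0] if row else None
```

The tenant id passed to `login` and `member_for` has to come from the server's own mapping of the request host to a tenant, never from a value the client supplies.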