Skip to main content

Key objects

Organization object

A tenant in your app, typically used for your top-level customers.

Member object

An individual end user’s account within an Organization.

Overview

In multi-tenant applications, a business account owner (organization) is in control of who (members) can access their instance, how they authenticate, and what they can do within that instance. The organization is ultimately in control of all of the end users who access their instance. Members are identified by their email:

Unique identifiers

Organizations are uniquely identified by:
  • organization_id
  • organization_slug
Members are uniquely identified by:
  • member_id is unique across all Organizations
  • email_address is unique within the Organization, but can link a member across Organizations

Organization-specific configurations

Each Organization has its own set of configurations, allowing your customers control over their own auth requirements. Organization-specific settings include, but are not limited to: approved auth methods, JIT provisioning, SSO connections, MFA policies, custom metadata, and more.

Hybrid model

If you have a mix of business customers and individual end users, we recommend using multi-tenant auth and creating an Organization behind the scene for each individual user “tenant” in order to allow these single-player accounts to seamlessly upgrade and add potential collaborators in the future.

Don’t need multi-tenancy?

Use consumer auth if you don’t require Organizations or multi-tenancy.