Skip to main content
Paid Feature

This is a paid feature. For self hosted users, Sign up to get a license key and follow the instructions sent to you by email. This will start a SuperTokens subscription.

If you are using the development environment of our managed service you can use this feature for free. If you want to enable this feature for the production environment, please email us

Multi tenancy / organizations

Multitenancy is a way to organize your application to support multiple tenants. A tenant is a group of users who share a common access with specific privileges to the application. They are isolated from one another and can only access their specific data. Furthermore, each tenant can have different methods of logging in, configured by the tenant, or by you (the application developer).

For example, a SaaS application for a financial company may want to separate their users by the financial institution they represent. This would require a login screen that asks for a username and password, as well as the name of the tenant. The application would then route the user to their specific tenant, which could be a different database or a different collection of data within a database.

Features#

Enterprise SSO / SAML login#

  • Allows your customers to login using their Workforce IdP (OAuth 2.0 & SAML supported). The list of in built providers is stated above, but you can also easily define a custom provider in case we don't support it out of the box.
  • Allow your customers to add and configure their SSO provider themselves. SuperTokens gives you all the building blocks required for this so that you can let customers add their own SSO provider with zero manual intervention from your side during customer onboarding.

Unique login methods per tenant#

Each tenant can have its own login method. For example, one tenant can have email password login, while another can have SSO login.

Different user pools#

Each tenant will have its own user pool.

  • Isolating users to their orgnisation becomes very simple.
  • This also means that one user can login using the same email across different tenants and they will be treated as different users. You can also share a user across tenants.

Data isolation#

In addition to the above, this feature can also be used to implement data isolation for each of your tenants wherein a different database is used per tenant.

Dynamic tenant creation#

You can create and configure a tenant via few, simple API calls from your backend API layer. No need to manually onboard customers anymore.

Multiple dev environments#

Create multiple dev / staging environments to help with your development process. You can also create a new environment on the fly for CICD testing purposes.

Flexible tenant discovery#

Use any form of tenant discovery method. For example, use one sub domain per tenant, or a form for tenant selection. The form can have a list of tenants to choose from, or an input box to enter the tenantId / workspace URL / identifier - as defined by you.