Skip to main content

User Authentication schemes in a Multi-Tenant SaaS Application

User Authentication in Multi-Tenant SaaS Apps

Introduction

We will cover few scenarios that we can follow to perform the user authentication in a Multi-Tenant SaaS application.


Scenario 1 - Global Users Authentication with Tenancy and Tenant forwarding

In this scheme, we have the SaaS Provider Authentication gateway that takes care of Authentication of the users by performing the following steps

  1. Tenant Identification
  2. User Authentication
  3. User Authorization
  4. Forwarding the user to the tenant application / tenant pages in the SaaS App

This demands that the SaaS provider authentication gateway be a scalable microservice that can take care of the load across all tenants. The database partitioning (horizontal or other means) is left upto the SaaS provider Service.

Scenario 2 - Global Tenant Identification and User Authentication forwarding

 


In the above scenario, the tenant identification happens on part of the SaaS provider Tenant Identification gateway. Post which, the user is redirected to tenant specific authentication schemes or pages.

This is analogous to that of the Microsoft Office login, where we provide the email address, the system identifies the tenant and federates the user to the tenant specific login model

Ex: On-Premise Ad, Office 365 Accounts, Federated SSO, Google SSO etc

Scenario 3 - Global User Authentication and Tenant forwarding

In this scenario, we have the users at a global level and the user authentication is happening at the SaaS User Authentication Gateway. In this case, we have a global pool of users. Upon login, we validate the user and then post which we identify the tenant mappings that a user has. The user then chooses the tenant and post which the tenant specific Authorization happens and the user uses the application.

Use Case for Scenario 3

In case of a service provider like a Financial Auditing firm, we can have all the auditors register with the SaaS firm. Once they are allocated to a specific Company (Microsoft , Google), the SaaS Provider application will have the mapping for the user with the firm.

Post login, the user will be redirected to a page, where he / she can choose the firm in which they need to operate and then they can perform the operations

Advantages

In this model, the authentication and user management are not burden for the tenants

The Tenant has their authorization within their application, even as a AuthZ microservice

Summary

We have discussed couple of approaches, these are not the only ones available, I just happen to write this blog post when trying to answer a question in Stackoverflow.

Hope this helps

Labels:

Comments

Post a Comment

Popular posts from this blog

Handling exceptions in the Executor service threads in Java

Introduction This is a continuation post on the exception handling strategies in the threads in Java. For Introduction, please read this post The second post is available here This post addresses the problem statement "How to use the exception handlers in the threads spawned by the Executor Service in Java?" Not all times, we will be using Thread  classes to run our threads because we have to manage a lot of the underlying logic for managing threads. There is ExecutorService in Java which comes to the rescue for the above problem. In the previous posts, we have discussed on how to handle the exceptions in plain threads. However, when using executor service, we do not create / manage threads, so how do we handle exception in this case. We have a ThreadFactory   as an argument which can be used to customize the way threads are created for use within the ExecutorService . The below snippet of code leverages this feature to illustrate the exception handling, wherein we create a
Post a Comment
Read more

Download CSV file using JavaScript fetch API

Downloading a CSV File from an API Using JavaScript Fetch API: A Step-by-Step Guide Introduction: Downloading files from an API is a common task in web development. This article walks you through the process of downloading a CSV file from an API using the Fetch API in JavaScript. We'll cover the basics of making API requests and handling file downloads, complete with a sample code snippet. Prerequisites: Ensure you have a basic understanding of JavaScript and web APIs. No additional libraries are required for this tutorial. Step 1: Creating the HTML Structure: Start by creating a simple HTML structure that includes a button to initiate the file download. <!DOCTYPE html> < html lang = "en" > < head > < meta charset = "UTF-8" > < meta name = "viewport" content = "width=device-width, initial-scale=1.0" > < title > CSV File Download </ title > </ head > < body >
Post a Comment
Read more

SFTP and File Upload in SFTP using C# and Tamir. SShSharp

The right choice of SFTP Server for Windows OS Follow the following steps, 1. Download the server version from here . The application is here 2. Provide the Username, password and root path, i.e. the ftp destination. 3. The screen shot is given below for reference. 4. Now download the CoreFTP client from this link 5. The client settings will be as in this screen shot: 6. Now the code to upload files via SFTP will be as follows. //ip of the local machine and the username and password along with the file to be uploaded via SFTP. FileUploadUsingSftp("172.24.120.87", "ftpserveruser", "123456", @"D:\", @"Web.config"); private static void FileUploadUsingSftp(string FtpAddress, string FtpUserName, string FtpPassword, string FilePath, string FileName) { Sftp sftp = null; try { // Create instance for Sftp to upload given files using given credentials sf
2 comments
Read more

Async implementation in Blazor

Step-by-Step Guide to Achieving Async Flows in Blazor: 1. Understanding Asynchronous Programming: Before delving into Blazor-specific async flows, it's crucial to understand asynchronous programming concepts like async and await . Asynchronous operations help improve the responsiveness of your UI by not blocking the main thread. 2. Blazor Component Lifecycle: Blazor components have their lifecycle methods. The OnInitializedAsync , OnParametersSetAsync , and OnAfterRenderAsync methods allow you to implement asynchronous operations during various stages of a component's lifecycle. 3. Asynchronous API Calls: Performing asynchronous API calls is a common scenario in web applications. You can use HttpClient to make HTTP requests asynchronously. For example, fetching data from a remote server: @page "/fetchdata" @inject HttpClient Http @ if (forecasts == null ) { <p> < em > Loading... </ em > </ p > } else { <table>
Post a Comment
Read more