Showing posts with the label tenant

How to design Tenant based roles in a multi-tenant SaaS application

The need

Q: Why do we need the option to allow tenants to create their own roles?
A: So that they can correlate their business roles with the SaaS application roles, rather than try to create a mental map of which business role maps to which application role.

Q: It seems quite useful, but how much of an effort is this?
A: Though it seems to be a little more work, it is quite simple. This post will walk through how to build and use this model.

Database Design

In the database (whichever multi-tenancy level is chosen), we need a table which we can call Roles. This table normally contains the following attributes:

Roles (id, name, description, createdby, createdon, updatedby, updatedon, status/isActive)

This table allows all the roles to be at the global level. There will be another table called TenantRoles, which maps the roles against the tenants:

TenantRoles (id, tenantId, roleId, mappedby, mappedon, updatedby, updatedon, status/isActive)

In this table, we are mapping the r

User Authentication schemes in a Multi-Tenant SaaS Application

User Authentication in Multi-Tenant SaaS Apps

Introduction

We will cover a few scenarios that we can follow to perform user authentication in a Multi-Tenant SaaS application.

Scenario 1 - Global Users Authentication with Tenancy and Tenant forwarding

In this scheme, we have the SaaS Provider Authentication gateway, which takes care of authenticating the users by performing the following steps:

1. Tenant Identification
2. User Authentication
3. User Authorization
4. Forwarding the user to the tenant application / tenant pages in the SaaS App

This demands that the SaaS provider authentication gateway be a scalable microservice that can take care of the load across all tenants. The database partitioning (horizontal or other means) is left up to the SaaS provider Service.

Scenario 2 - Global Tenant Identification and User Authentication forwarding

In the above scenario, the tenant identification is performed by the SaaS provider Tenant Identification gateway. Post which, the