Multi-Tenant Architecture separate Realm & SSO

This topic has 0 replies, 1 voice, and was last updated 5 years, 7 months ago by jdevillard.



    I’m new to OpenAM and we would like to create a central place to authenticate (and then authorize) users in our platform.

    Our platform has multiple tenant organizations. Each organization can have a custom authentication module (like Azure AD, Google, etc.) and classic username/password. So for this, I’ve planned to use one realm per tenant platform. Each platform uses OIDC to connect to the OpenAM platform, in which we can define other external providers.

    example architecture

    We also have services like:
    – documentation: we own this component, so we can configure custom redirection if needed
    – ticketing: we use Freshdesk. This solution can use an external IdP using SAMLv2, but we can only redirect to one IdP (and we have multiple tenants). So I’ve created one realm that corresponds to this external app, with the SAML provider.

    A user can be part of a customer organisation (so one tenant), but a user can also be part of my company (administrator) or a partner (integrator of the solution) and so can access different tenants.

    I understand that OpenAM can only authenticate a user against one realm, but my need is to create a real SSO to allow some users to access multiple tenants/services without needing new credentials. (I will look at authorization in a second step, but I will need an authorization server for this.)

    I hope my need and explanation are clear; how can I achieve this kind of architecture?

    Thanks a lot for your help.

©2022 ForgeRock