Built from the ground up to be multi-tenant for your customers

Multi-tenancy

Authway is built from ground up to be multi-tenant for you, so that each of your customer/partner/supplier organisations are separated from each other. With this isolation they can only access their own data. Furthmore, each tenant can have different methods to sign-in.

For example, a SaaS project application for fieldwork management may want to separate their users by the craftsman’s company they represent, or a Fleet management supplier may want to separate their users by each customer they have. This requires that the sign-in flow supports asking for the correct type of credentials for each user depending on the tenant they belong too.

It is important to understand that our multi-tenant support is for your customers, while most existing authentication services on the market is only single-tenant for your customers.

Tenant Creation and isolated user pools

It is easy to create new organisations in the admin UI or through API calls, and we publish events when an organisation is created. No need to manually onboard customers anymore. Each organisation will have its own user pool fully isolated from all other organisations.

In some scenarios a user needs to be able to sign-in to multiple organisations and Authway only requires the username to be unique per organisation, which makes this possible. If the authentication method is unique per organisation, the choice is made implicit, but if the same authentication method is used the user will be asked for which organisation he/she want to sign-in.

Unique sign-in methods per organisation

Each organisation can have its own sign-in method. For example, one organisation can have email password sign-in, while another can have SSO sign-in. This allows customers to sign-in using their enterprise (workforce) identity provider (OpenId Connect and SAML supported).

Automatic provisioning of new users

With enterprise identity provider configured it is even possible to have the users automatically provisioned in Authway which will remove all need for your customers to manage users in your service and instead do all management where it belongs; in customer home realm (catalog). With our eventing system this automation can be extended all the way to your other business systems. Many vendors offer SCIM support, but from our perspective auto-provision is a lot easier to setup and covers most scenarios that SCIM does.

Automatic access control

When using enterprise SSO it is even possible to automate all access control. We allow roles to be configured to be added for all new users, but even better we can synchronize which roles a user should belong to during the sign-in process. This moves even more administration back to your customers user catalogs.

Roles per organisation

If permission-based access control model is used, the organisation of users in roles can be unique for each organisation ensuring that least privilege principle is possible. This also makes it easier for each organisation to group users according to their specific organisation chart, instead of adding users to multiple application specific roles.

Flexible packing of your features

The organisation of functionalities in modules makes it easy to control which features should be enabled to which customers. If you choose to use permission-based access control this even opens for flexible packing that can change over time without you needing to do any changes in your applications.

Self-service

Our administrative UI is built so that it can be used by your customers with zero involvement from your side. Your customers can themselves administer the user pool, the organisation of users in roles or even configure their SSO setup themselves.

Open your APIs to your customers

The customers themselves can easily set up new applications to interact directly with your APIs with clear instructions on how to get a token. They can manage what permissions the application should have to which of your APIs.

Even more customization possible per organisation

Authway allows you to do even more customization per organisation, such as configuring stronger password rules, changing the type of username (e-mail, phone number or username) to use and what information is required.