You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
FusionAuth does not currently handle true multi-tenant SSO using the hosted login pages.
Example use case:
Bob has a user in Tenant A in FusionAuth
Bob logs into FusionAuth SSO at https://login.acme.com/oauth2/authorize
Bob has a user in Tenant B in FusionAuth
Bob attempts to login to FusionAuth at https://login.acme.com/oauth2/authorize
Because Bob already has an SSO session via a session cookie dropped in his browser, FusionAuth does not prompt the user to login. The user represented by the SSO session is Bob from Tenant A, not Tenant B.
In FusionAuth version 1.12.0 this scenario will fail when Bob from Tenant B attempts to login indicating that multi-tenant SSO is not currently supported via the hosted login pages.
Original Problem Description
If you use a multi-tenants approach in FusionAuth. For example, if you have a multiple company’s (tenants), each company has own users. It’s not possible to use FusionAuth login page for authorization with tenant_name, user_name and password, because you don’t have a possibility where you can just input your tenant_name, user_name and password and make a "log in".
Solution
Support multiple sessions, one per tenant so that Bob can log into each tenant within the same browser.
Original Solution Description
Create a login page and corresponding endpoint, where you can have a possibility to input your tenant_name, user_name and password, click "log in" button and make a "log in". With tenant_name and user_name FusionAuth can discover corresponding user that belong to this tenant and check credentials for this user.
Editor's Note: If you really do require a landing page to select a tenant for login, this would be outside of FusionAuth and could be accomplished on your own. In this scenario you will still need support in FusionAuth for multi-tenant SSO which is described in the solution section.
Additional context
I want to use the FusionAuth for following use case
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
The text was updated successfully, but these errors were encountered:
unkis
changed the title
Possibility easy to get authorization code or access token by multi tenant approach.
Possibility to log in with just a tenant_name, user_name and password on login page by multi tenant approach.
Nov 2, 2019
robotdan
changed the title
Possibility to log in with just a tenant_name, user_name and password on login page by multi tenant approach.
Multi-Tenant SSO support through the FusionAuth hosted login
Dec 5, 2019
robotdan
changed the title
Multi-Tenant SSO support through the FusionAuth hosted login
Multi-Tenant SSO support using FusionAuth hosted login
Dec 5, 2019
Problem
FusionAuth does not currently handle true multi-tenant SSO using the hosted login pages.
Example use case:
https://login.acme.com/oauth2/authorize
https://login.acme.com/oauth2/authorize
In FusionAuth version 1.12.0 this scenario will fail when Bob from Tenant B attempts to login indicating that multi-tenant SSO is not currently supported via the hosted login pages.
Original Problem Description
If you use a multi-tenants approach in FusionAuth. For example, if you have a multiple company’s (tenants), each company has own users. It’s not possible to use FusionAuth login page for authorization with tenant_name, user_name and password, because you don’t have a possibility where you can just input your tenant_name, user_name and password and make a "log in".
Solution
Support multiple sessions, one per tenant so that Bob can log into each tenant within the same browser.
Original Solution Description
Create a login page and corresponding endpoint, where you can have a possibility to input your tenant_name, user_name and password, click "log in" button and make a "log in". With tenant_name and user_name FusionAuth can discover corresponding user that belong to this tenant and check credentials for this user.
Additional context
I want to use the FusionAuth for following use case
https://stackoverflow.com/questions/57656971/multi-tenant-authorization-wth-fusionauth/57661739?noredirect=1#comment101833762_57661739
Related
#358
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
The text was updated successfully, but these errors were encountered: