Multi-Tenant SSO support using FusionAuth hosted login

[unkis]

Problem

FusionAuth does not currently handle true multi-tenant SSO using the hosted login pages.

Example use case:

1. Bob has a user in Tenant A in FusionAuth
2. Bob logs into FusionAuth SSO at https://login.acme.com/oauth2/authorize
3. Bob has a user in Tenant B in FusionAuth
4. Bob attempts to login to FusionAuth at https://login.acme.com/oauth2/authorize
5. Because Bob already has an SSO session via a session cookie dropped in his browser, FusionAuth does not prompt the user to login. The user represented by the SSO session is Bob from Tenant A, not Tenant B.

In FusionAuth version 1.12.0 this scenario will fail when Bob from Tenant B attempts to login indicating that multi-tenant SSO is not currently supported via the hosted login pages.

Original Problem Description

If you use a multi-tenants approach in FusionAuth. For example, if you have a multiple company’s (tenants), each company has own users. It’s not possible to use FusionAuth login page for authorization with tenant_name, user_name and password, because you don’t have a possibility where you can just input your tenant_name, user_name and password and make a "log in".

Solution

Support multiple sessions, one per tenant so that Bob can log into each tenant within the same browser.

Original Solution Description

Create a login page and corresponding endpoint, where you can have a possibility to input your tenant_name, user_name and password, click "log in" button and make a "log in". With tenant_name and user_name FusionAuth can discover corresponding user that belong to this tenant and check credentials for this user.

Editor's Note: If you really do require a landing page to select a tenant for login, this would be outside of FusionAuth and could be accomplished on your own. In this scenario you will still need support in FusionAuth for multi-tenant SSO which is described in the solution section.

Additional context

I want to use the FusionAuth for following use case

https://stackoverflow.com/questions/57656971/multi-tenant-authorization-wth-fusionauth/57661739?noredirect=1#comment101833762_57661739

Related

#358

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

[YuriyBarvenko1234]

+1

[unkis]

any updates ?

[robotdan]

We do have plans to support multi-tenant SSO. I don't have a timeline for deliver for you.

If you have a pressing business requirement, we can expedite delivery through a professional services contract.

Thanks for using FusionAuth!