Okta

Introduction

By using Auth0's Organizations feature, you can create a multi-tenant authentication and authorization mechanism for your application. Specifically, different authentication methods and authentication screen designs can be provided for each company or organization that uses the application.

Figure: Multi-tenant authentication with the Auth0 Organizations feature

Until now, using Auth0 for multiple companies or organizations meant separating Auth0 tenants and application settings for each one. Managing several of these created an operational burden and imposed functional limitations. The Organizations feature introduced here removes these restrictions.

This page introduces the setup procedure and the actual login behavior when implementing multi-tenant authentication with the Organizations feature.

Premise

The information on functions and settings described on this page is current as of May 2023.
Please check the following for information on future feature updates.

Okta CIC (Auth0) Organizations feature update (2023/7)

Functional overview

The Organizations feature mainly provides the following capabilities.

  • Management per organization
    • Users
    • Authentication screen design (Branding settings)
    • Authentication method (Connections settings)
  • Passing organization information to the application
    • Organization information is passed to the application side (the organization ID value is added to the ID token/access token)
  • Others
    • A user can belong to multiple organizations
    • User invitation function (can also be operated via the Management API)

The main points to note when using the Organizations function are as follows.

  • There is an upper limit on the number of Organizations that can be created according to the contract plan
  • Only New Universal Login is supported (Classic Universal Login and Lock are not supported)
  • There is a Management API Rate Limit setting related to the Organizations function
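Because the organization ID is delivered in the ID token/access token, the application has to check it before treating a user as a member of a tenant. The following is an added example, not code from the original page: it assumes the token signature has already been verified by a JWT library, uses Auth0's `org_id` claim name, and all tenant names, IDs and URLs in it are constructed.

```python
import time


class OrgClaimError(Exception):
    """Raised when token claims do not identify an allowed organization."""


# Constructed mapping from Auth0 organization IDs to application tenants.
TENANTS = {
    "org_abc_constructed": "company_abc",
    "org_xyz_constructed": "company_xyz",
}


def resolve_tenant(claims, *, issuer, audience, requested_tenant=None, now=None):
    """Map already-verified token claims to a tenant or raise OrgClaimError.

    `claims` must be the payload of a token whose signature was verified
    beforehand; this function only enforces the organization boundary.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise OrgClaimError("unexpected issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if audience not in aud:
        raise OrgClaimError("unexpected audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise OrgClaimError("token expired")
    # A token issued outside an organization login carries no org_id claim.
    org_id = claims.get("org_id")
    if not isinstance(org_id, str) or not org_id:
        raise OrgClaimError("token was not issued in an organization context")
    tenant = TENANTS.get(org_id)
    if tenant is None:
        raise OrgClaimError("unknown organization")
    # Reject a token from one organization used against another tenant's data.
    if requested_tenant is not None and tenant != requested_tenant:
        raise OrgClaimError("token belongs to a different organization")
    return tenant
```

Pass the tenant taken from the request (subdomain or URL path) as `requested_tenant` so that a valid token for Company ABC is refused on Company XYZ resources.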

Configuration example

We will explain how to set up the Organizations function, using multi-tenant authentication in a certain application as an example. As shown in the diagram at the beginning, we provide different authentication screens and authentication methods for each company.

The flow of necessary settings is as follows.

0. Advance preparation: application startup
1. Create Organization
2. Add a federated authentication method (Connections)
3. Add linked user
4. Add a linked application
5. Create another organization and add the various linkages

From here, we will introduce the specific setting method.

0. Advance preparation: application startup

As preparation, configure the settings that link the application with Auth0.

1. Create Organization

  • On the Auth0 admin screen, click [Organizations]
  • Click [+Create Organization]
  • Enter the following items and click [Add Organization]
    • Name: Organization setting name (only lowercase letters and underscores can be used)
    • Display Name: Organization display name on the authentication screen
  • A message is displayed, confirming that the settings have been completed
  • Go to the [Overview] tab and change the authentication screen logo and color scheme
  • Click [Save Changes]

2. Add a federated authentication method (Connections)

  • Go to the [Connections] tab and click [Enable Connections]
  • Select [Username-Password-Authentication] and click [Enable Connection]
  • Set whether users are automatically registered to the organization (if you change this setting, click [Save])
  • Return to the [Connections] tab and check the added connection

3. Add linked user

  • Go to the [Members] tab and click [Add Members]
  • Search for the user to register and click [Add Member(s)]
  • Confirm the registration result

4. Add a linked application

  • On the Auth0 admin screen, click [Applications] > [Applications]
  • Click the application settings prepared in "0. Advance preparation: application startup"
  • Go to the [Organization] tab and set the following items
    • What types of end-users will access this application?: Team members of organizations (only users belonging to the organization can log in)
    • Display Organization Prompt: ON (displays the organization selection screen when logging in)
  • Click [Save Changes]

5. Creating another organization and adding various linkages

Create a different Organization (Company XYZ) using the same procedure as in step 1. Then add the various linkage settings using the same procedures as in steps 2 to 4.
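Steps 1 to 4 can also be scripted against the Management API, which keeps the settings identical when the procedure is repeated for Company XYZ. This is an added example, not code from the original page; the function names, the injected `send` callable and every ID are assumptions for illustration, and the paths and field names are those of Auth0 Management API v2.

```python
import json
import urllib.request


def make_sender(domain, token):
    """Return send(method, path, body) bound to one Auth0 tenant."""
    def send(method, path, body):
        req = urllib.request.Request(
            f"https://{domain}/api/v2{path}",
            data=json.dumps(body).encode(),
            method=method,
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return send


def provision_org(send, name, display_name, connection_id, member_ids,
                  auto_membership=False):
    """Steps 1-3 for one organization; returns the new organization ID."""
    # Step 1: create the organization.
    org = send("POST", "/organizations",
               {"name": name, "display_name": display_name})
    org_id = org["id"]
    # Step 2: enable a connection. Automatic membership stays off unless asked
    # for, so logging in through the connection does not by itself add members.
    send("POST", f"/organizations/{org_id}/enabled_connections",
         {"connection_id": connection_id,
          "assign_membership_on_login": auto_membership})
    # Step 3: add existing users as members.
    if member_ids:
        send("POST", f"/organizations/{org_id}/members",
             {"members": list(member_ids)})
    return org_id


def require_org_login(send, client_id):
    """Step 4: only organization members may log in; prompt for the org."""
    send("PATCH", f"/clients/{client_id}",
         {"organization_usage": "require",
          "organization_require_behavior": "pre_login_prompt"})
```

Each call counts against the Management API rate limit noted in the functional overview, so space out the calls when provisioning many organizations.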

Operation check

1. Login by Company ABC member

  • Access the sample application in your web browser and click [Log in]
  • Enter your organization name and click [Continue]
  • The login screen for Company ABC will be displayed. Enter your email address/password and click [Continue].
  • Confirm that you have logged in as a user of Company ABC

2. Company XYZ member login

  • Access the sample application in your web browser and click [Log in]
  • Enter your organization name and click [Continue]
  • The login screen for Company XYZ is displayed, so authenticate using an external IdP
  • Confirm that you have logged in as a user of Company XYZ

In conclusion

By using the Auth0 Organizations feature, you can easily implement multi-tenant authentication support in your application. The feature was released in 2021, and although some points feel inadequate, such as the organization selection procedure on the authentication screen, we expect it to be improved in the future.

If you are interested in multi-tenant authentication realized by Auth0, please contact us.

In charge of Macnica Okta Co., Ltd.