Configure Identity Providers per tenant
-
Hello,
I have the following use case:
I am developing a multi-tenant SaaS with FusionAuth as IAM. Each tenant (customer) of our application gets its own tenant in FusionAuth. Each tenant should be able to configure for itself whether its users can log in via SAML / OIDC with an external IdP - e.g. the company's own Azure AD or Google Workspace.
I see from the documentation that the identity providers are intended for this and FusionAuth acts as a "service provider", correct?
Unfortunately, it seems to me that identity providers can only be configured for the entire FusionAuth instance, but not individually for each tenant. Is this the case?
If so, how can my use case be realised otherwise with FusionAuth?
Thank you very much,
Kind regards
-
@impackt
Hiya,
Identity providers are configured globally, but are enabled on a per-application basis. https://fusionauth.io/docs/v1/tech/identity-providers/#identity-providers-and-applications has more info.
What many of our users in your situation do is build a lightweight custom application that uses the FusionAuth APIs (SAMLv2 / OIDC) to allow your users to manage their own identity provider. That identity provider can then be associated only with the one application which represents the customer's application.
We have a couple of open issues to improve this setup:
- https://github.com/fusionauth/fusionauth-issues/issues/91
- https://github.com/FusionAuth/fusionauth-issues/issues/1524
Please upvote them if they meet your needs, or add comments about your use case if you'd like.
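One shape the "lightweight custom application" described in the answer above can take, as an added example that is not part of the original post or FusionAuth's own code: the server builds the body for `POST /api/identity-provider` from a customer's OIDC form and takes the application ID from the authenticated session, so the new identity provider is enabled only on that customer's application. The customer names, application IDs, `CUSTOMER_APPLICATION` and `build_oidc_idp_request` are constructed for illustration, and the JSON field names are assumed from the FusionAuth Identity Provider API and should be checked against the docs for your version.

```python
from urllib.parse import urlparse

# Hypothetical server-side mapping: customer account -> the FusionAuth
# application ID that represents that customer (constructed sample values).
CUSTOMER_APPLICATION = {
    "acme": "11111111-1111-4111-8111-111111111111",
    "globex": "22222222-2222-4222-8222-222222222222",
}
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def _require_https(name, value):
    parsed = urlparse(value or "")
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError(f"{name} must be an absolute https URL")
    return value


def build_oidc_idp_request(session_customer, form):
    """Build the identity provider request body from a customer-submitted form.

    The application ID comes from the authenticated session, never from the
    form, so a customer cannot enable an IdP on someone else's application.
    """
    app_id = CUSTOMER_APPLICATION.get(session_customer)
    if app_id is None:
        raise PermissionError("no application registered for this customer")
    unexpected = set(form) - {"client_id", "client_secret", *ENDPOINT_FIELDS}
    if unexpected:
        # Rejects attempts to smuggle in applicationConfiguration and similar.
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    if not form.get("client_id") or not form.get("client_secret"):
        raise ValueError("client_id and client_secret are required")
    oauth2 = {"client_id": form["client_id"],
              "client_secret": form["client_secret"],
              "scope": "openid email profile"}
    for field in ENDPOINT_FIELDS:
        oauth2[field] = _require_https(field, form.get(field))
    return {"identityProvider": {
        "type": "OpenIDConnect",
        "name": f"{session_customer}-oidc",  # derived server-side
        "buttonText": "Log in with SSO",
        "enabled": True,
        "oauth2": oauth2,
        # Enabled on exactly one application: the caller's own.
        "applicationConfiguration": {
            app_id: {"enabled": True, "createRegistration": True}},
    }}
```

The returned dictionary is what the application would send, with its API key in the `Authorization` header, to the identity provider endpoint.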
-
Okay, got it, so currently you need a little self-built workaround. Thank you very much!
The tickets read exciting in principle, but are not currently relevant for me.
-
@impackt Great, glad you have a path forward.