Hello, we've got a multitenant SaaS, and we'd like to offer our users custom domains. Setting up a custom domain will be self-service, and there will potentially be thousands. The backend is .NET Core, and the frontend is Remix (Node, React).
Our main app is served at
app.ourdomain.com, and custom-domain users will access the app at
subdomain.theirdomain.com. Everyone shares a single instance of the app.
For now, we don't mind using the same user pool for all domains (including the main app). We can host the auth service at some kind of generic domain to maintain the white-labeling aspect (it doesn't have to be per-user).
We've got routing and SSL sorted for the custom domains - the main question is: how do we authenticate securely?
- Do we whitelist a large amount of callback URLs?
- Do we create an Application per custom domain? (Does this mean we have to sync users?)
- Do we redirect to the main app and perform some kind of sidechannel/backchannel SSO iframe magic?
Our app currently has its own internal notion of Tenants, Teams/other hierarchies, but we can migrate to the concepts in FusionAuth if that's required.
Any guidance would be appreciated, thank you!