I think option 2 is what I was thinking. When you say another FusionAuth instance, can I assume it could very well be a tenant on the same instance? So, loop back to itself using a tenant ID?
Here's an interesting use case that I can't figure out how to solve and would like some advice for...
We have ClientA, ClientB and Internal. Each of these has separate Users.
We have one product that we provide as a company, which has a central API and UIs hosted at different URIs (one for ClientA and one for ClientB), each connecting to a central API (very simple multitenancy).
All good so far.
ClientA, ClientB each have separate password strength requirements etc. They all want to be able to log in to their own configured UI.
Our Internal Users must be able to connect to each separate UI as themselves using the same login credentials, as long as they have permission to do so (this is where I am stuck).
I hope this is clear so far. So the thoughts I've had are to have three Tenants, one for each Client and Internal. Each UI is an Application within the relevant Tenant, and the API is an Application within Internal Tenant (I think??).
I can clearly authenticate a login to the right UI under each Tenant, but how do I allow Internal to log in to the other UIs? How do I verify a login from multiple Tenants as being allowed to access the API if that is in a different Tenant?
The clear requirement I have been given is that our Internal users must not have to have separate passwords for each UI, and that we would prefer to not have to configure separate Applications for each Client.
Would anyone have any suggestions on how I can achieve this?