Okta Classic Engine | Administration | Answered | 2024-04-15T10:56:10.000Z | 2019-10-01T07:12:29.000Z | 2019-10-02T18:52:43.000Z

2lgvg (2lgvg) asked a question.

User isolation and initiated SSO for Multi tenant web application

The application which we are building supports multi-tenancy. We have 2 types of users. The first is the organisation head/admin, who would register the organisation. The second type of user is the organisation employee, who will be invited by the admin user to join our application. We want to isolate users based on organisation and also want to provide initiated sign up/in for employee users.

Question: Is it possible to achieve isolation based on tenant in the same application? If so, how can it be achieved?

Question: Is it possible to achieve tenant-specific initiated sign up/in? If so, how can it be achieved?


  • DanSacui (Vendor Management)

    Hello Atul,

    Dan here with Okta Support,

    The scenario where only one application is being used across both tenants is supported; however, this would involve using an org2org connector. The issue I can see here is that when the users connect to the application hosted in the Admin org, accounts will be created for the users in the admin org via Just-in-Time provisioning.

    When using only one app, the user base will need to exist in both of the orgs.

    If the application supports multiple SSO configurations, then this should be possible by adding the application in both tenants, configuring it for SSO and granting access to the app in both of the applications/tenants. This second scenario seems to be the closer one to what you are trying to achieve in this instance.

    Should you have issues with implementing this, please open a support ticket and we will assist further.

    Best Regards,

    Dan

    Selected as Best
This question is closed.
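
The second scenario in the answer above (one SSO configuration per tenant) leaves the application responsible for tying each sign-in to the tenant whose login was used. The sketch below is an added example, not code from the thread or from Okta; the tenant names, issuer URLs, client IDs, e-mail addresses and the `authorize` helper are all constructed for illustration, and token signature verification is assumed to have happened already.

```python
# Added example: per-tenant SSO configuration and tenant-isolation check.
# All tenant names, issuers, client IDs and e-mail addresses are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class TenantSSO:
    issuer: str      # identity provider (org) this tenant signs in through
    client_id: str   # the application's client ID registered in that org


# One SSO configuration per tenant (hypothetical values).
TENANTS = {
    "acme": TenantSSO("https://acme.idp.example", "app-acme"),
    "globex": TenantSSO("https://globex.idp.example", "app-globex"),
}

# Employees invited by each organisation's admin, keyed by tenant.
INVITED = {
    "acme": {"alice@acme.example"},
    "globex": {"bob@globex.example"},
}


class TenantMismatch(Exception):
    """The token does not belong to the tenant whose login was used."""


def authorize(tenant: str, claims: dict) -> str:
    """Bind already signature-verified token claims to one tenant.

    Assumes the signature was checked against the key set of the issuer
    configured for `tenant`, not an issuer taken from the token itself.
    """
    cfg = TENANTS.get(tenant)
    if cfg is None:
        raise TenantMismatch(f"unknown tenant {tenant!r}")
    if claims.get("iss") != cfg.issuer:
        raise TenantMismatch("issuer is not this tenant's identity provider")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if cfg.client_id not in audiences:
        raise TenantMismatch("token was issued for a different application")
    email = str(claims.get("email", "")).lower()
    if email not in INVITED.get(tenant, set()):
        raise TenantMismatch("user was not invited to this tenant")
    return f"{tenant}:{email}"   # tenant-scoped identity for the session
```

The tenant argument should come from the tenant-specific sign-in entry point (for example a per-tenant URL), never from a value inside the token, so a valid token from one organisation cannot open a session in another.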