p2-inc / keycloak-orgs

Single realm, multi-tenancy for SaaS apps
https://phasetwo.io

Need help moving from organisation not sharing users model to Phasetwo's shared users organisation model #269

Closed keshavkaul closed 3 months ago

keshavkaul commented 3 months ago

We have an on-prem multi-tenant authentication system that does not share users. We want to move to Keycloak with Phasetwo's Organisation extension. But from the docs it seems that all Organisations can share users. I wanted to understand what possible issues we may face when migrating the users to Keycloak. One problem I can foresee is a same-username conflict between organisations. Any suggestions for resolving this problem?

xgp commented 3 months ago

This extension is designed to allow Users to be members of multiple Organizations within a single Realm. Realms don't allow multiple Users to have the same username. If you are looking for isolated multi-tenancy, this extension probably isn't for you. I'd suggest Realm per tenant.

keshavkaul commented 3 months ago

@xgp Thanks, appreciate it. So, any suggestions on how to handle the performance impact on Keycloak of having more than 100 realms? I'm not looking for a solution, but any hint or direction would be nice.

keshavkaul commented 3 months ago

@xgp Does the PhaseTwo SaaS offering support the realm-per-tenant scenario?

xgp commented 3 months ago

No.