Chapter 6. Tenant Authentication and Routing

At this stage, our focus on the control plane has been squarely on building a foundation that allows us to introduce multi-tenancy into our architecture. Onboarding, user management, and tenant management all allow us to configure, capture, and prepare our tenant for entry into a SaaS environment. Now it’s time to start thinking about how a tenant uses these constructs (and others) to enter the front door of our multi-tenant environment.

It’s at this point where you authenticate a user that all the pieces of your onboarding and tenant management come together. Here you’ll see how the configuration information that was stored in tenant management can play a role in the flow and implementation of your authentication experience. We’ll also see how the work that was done to connect our users to tenants will yield the tenant context that becomes essential to the downstream services that are part of your multi-tenant architecture.

For this chapter, I’ll begin by looking at the fundamentals of how you expose the entry point to your multi-tenant solution. There are multiple strategies that can be used to access a SaaS environment, some of which explicitly identify the tenant that is entering the system and others that rely on internal mechanisms to determine which tenant is accessing the system. Each of these have implications on how your tenant is authenticated and connected with the appropriate identity provider.

We’ll also look at how your ...