Can one user belong to multiple tenants? #4860 | Support

portx-dev created one year ago

Can one user belong to multiple tenants?

Use Cases: ・I belong to the parent company. ・There are multiple subsidiaries and each subsidiary has its own CRM with ABP Commercial. ・I want to belong to multiple subsidiaries.

Proposed Solution:

1.Use IDP such as Okta. →I think this can be done.

To use ABP Commercial's functionality to achieve this. →Do you have a good idea for this?

7 Answer(s)

0

portx-dev created one year ago

Examples are https://support.zendesk.com/hc/en-us/articles/4408829476378-Setting-up-multiple-brands

zendesk allows multiple subdomains (brand) to be created within one contract.

liangshiwei created one year ago

Support Team Fullstack Developer

Hi,

yes, it's possible.

You can add a field for the user via the object extension system, for example: IsAvailableAllTenants

Then use domain events to synchronize user information to all tenants.

 public class MyHandler : ILocalEventHandler<EntityCreatedEventData<IdentityUser>>,
          ITransientDependency
{
    public async Task HandleEventAsync(
        EntityCreatedEventData<IdentityUser> eventData)
    {
        if(eventData.Entity.GetProperty<Bool>("IsAvailableAllTenants"))
        {
            
            var tenants =await TenantRepository.GetAllListAsync();
            foreach(var tenant in tenants)
            {
               using(CurrentTenant.Change(tenant.Id))
               {
                  // create a user for all tenants...
               }               
            }
        }
    }
}

You should also handle the update and delete events.

0

portx-dev created one year ago

Thank you very much. I understood that your idea is user provisioning.

Is there a way to SSO each tenant?
0

liangshiwei created one year ago
Support Team Fullstack Developer

Hi,

No, they are actually different users, but all the information is the same
0
portx-dev created one year ago
Yes, I have the following understanding.

a.xxxx.com = rei_okawara@portx.team b.xxxx.com = rei_okawara@portx.team c.xxxx.com = rei_okawara@portx.team

I also understand that each has the same information but is a different user.

In that case, it would be tedious to log in for each tenant. My ideal would be as follows, is it possible to achieve each of these?

once I log in to any tenant, I can use a pull down to switch tenants.

be able to SSO from ABP Commercial's IdP to each tenant

third party IdPs can SSO to each tenant.
0

liangshiwei created one year ago
Support Team Fullstack Developer

Hi,

I think the linked account feature is suitable for you, you can check it.

Users can link to other accounts, and you can also automatically link through the code: https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityLinkUserManager.cs#L74
0

portx-dev created one year ago

thx

Have an answer to this question? Log in and write your answer.