It's probably going to be vendor-specific, or you will implement your own auth. At ZITADEL we decided to offer all the standards like OIDC and SAML, and to offer a session API for more flexible auth scenarios. You will also be able to mix them.
Hi HN, we're thrilled to announce that Zitadel just raised $9M in Series A funding! This will help us make Zitadel, our open source identity platform, even better for developers to build secure applications.
Zitadel simplifies user management, authentication, and authorization with built-in multi-tenancy, making it easy to manage users across different customers, departments, or organizations. This way, you can focus on what matters most: creating amazing products. We're also working on exciting new features like user activity monitoring, which will allow you to easily audit user behavior, build custom reports, and enhance security with tools to detect and react to threats.
We believe everyone deserves access to simple and secure identity solutions. Check out Zitadel and let us know what you think!
If you prefer an open source, and maybe more mature, alternative for multi-tenant/B2B auth, then have a look at https://zitadel.com (disclosure: I work for ZITADEL).
Hey Adil. We're looking for a Go backend engineer and experience with cloud native architectures. Happy to connect. You can find the job here: https://zitadel.com/jobs
ZITADEL would be a good choice if you have multiple tenants and want to delegate things like access management and configuring auth per tenant in self-service. That part comes out of the box with ZITADEL and could save you quite some development. I wanted to throw that in because, for the authentication part, most solutions would match your requirements, but keep authorization and auditability in mind as well.
I played around with Zitadel. It looked a bit too confusing with too many UI options in it.
My tech stack is this: React on frontend, NestJs on backend, React Native for mobile app (this is currently not in scope, so my playground at the moment is web app and backend).
Then I went on to structure Zitadel like this: 1 Organization has -> 1 Project has -> 2 Applications.
Applications:
- 1 User Agent (this I use on React side, I guess?)
- 1 Web app (this I use in NestJs, I guess?)
And both applications have PKCE flow as Authentication Method.
Then I checked the API application type, and it only has the Private JWT authentication method.
Can I then have 1 Web App/User Agent and 1 API application?
Or 1 Web App and 1 User Agent?
And if I use API application with private key JWT, what should be the auth method for other application?
Have a look at ZITADEL (https://github.com/zitadel/zitadel or https://zitadel.com/), I think that does what you want.
You can create multiple tenants (called Organizations), and you can set up security/login rules per organization, such as enforcing MFA. Furthermore, you can configure a separate SSO on each tenant, and users are forwarded directly to their identity provider.
When you first enter your username (which could be an email) on the login screen, the policies of the user's organization will be applied. That allows you to route users based on their email domain, etc.
One additional thing to mention is that ZITADEL does not only handle authentication, but also authorization with self-service. Managers of an organization can, for example, assign roles to users of their organization.
All of these features are included. The main drivers for pricing in this case, I assume, will be daily active users (summed over the month) and how many third-party identity providers you have configured. Unlimited tenants, users, permissions, etc. are included.
We use DAU instead of MAU, since there are many different use cases and that seems to work quite well. Just take the MAU and multiply by how many times per month your users will sign in.
In the enterprise tier we offer more custom quotes for higher volumes, guarantee requirements, and support SLAs.
And to clarify on the third party providers. Assuming every org is using Azure - that’s 1 provider per org. So 53 orgs would be an extra $1,000 / month?
Yes that's correct. Get a quote for your use case, if you are already running on higher numbers. Pricing might not fit all cases, that's why there's also an Enterprise tier.