Multi-tenancy: user in multiple tenants


During my testing of multi tenancy authentication, I made:

  • Tenant 1
  • Tenant 2

I made a role & added a user.
This user now exists only for tenant 1.
Is it possible to also give this user access to tenant 2 with the same account?
I suppose it is possible, because in the documentation ( ) the 2 bottom images show user 1 in both tenants. However, I can't see to use tenant 2 for this user.

My tenantadmin account for example can switch between tenants, so I was wondering if I could make multiple admin accounts, which need to be able to switch between tenants.

Hi @DigitalCompetitive,

At the moment only roles can be the same across tenants - we will research if it's possible to enable the same for users.

UPDATE: Actually this is not possible. Each user is associated with a single tenant and this is how a deployed application will know which tenant to use when you login with a user.

So, if I understand it correctly, there can only be 1 admin account?
That would be quite a critical security issue if all our developers need to use this same "tenantadmin" account and we cannot log which person has done certain changes, because logging will say "tenantadmin" for all our developers then.

Edit: and how exactly do you make roles the same across tenants? I can't seem to get that working either.

Yes, at moment the tenants admin account is only one - if you need such multiple accounts you can extend the application in the way you want. Same role names across tenants was added recently, check if you have latest version.

@enchev : Reading this about "Same role names across tenants" , any documentation or simple example on how to enable this ?

@mcanavar Same role names across tenants was limitation that was fixed.

@enchev : Do you mean: Global role names are not possible and it was possible but now disabled / fixed ?

@mcanavar It was not possible to add role name to a tenant if there is a role with the same name in other tenant. Now you can have role with name admin in Tenant1 and role with the same name admin in Tenant2. Not sure how can explain it better.

@enchev : Confusing thing here: What the original poster was asking was what I believe : is to have one entry in the ApplicationRoles table e.g. "User role" , and use it across all tenants without having to add or assign the role to a specific tenant (id).

What you explain: that it was not possible to have the same "role" "name" for each "tenant" and that it is now possible to have same "role" "name" for each "tenant".

But I have my answer : It is not possible to use one role entry for all tenants , you have to assign roles for each tenant separately, the same role names can be reused with each tenant .

It is sometimes difficult to understand when communicating in an other language then your own ( in my case have to translate it twice :slight_smile: .

Thank you for being so patient !

@mcanavar Roles are saved in the same table for all tenants (AspNetRoles). There was a unique constraint for the Name field. I’m closing this thread since there is nothing else we can add.