...
Advantages | Disadvantages | |
---|---|---|
The underlying hardware is the same for all tenants. | Additional complexity in the configuration. | |
Licencing is shared across all tenants.Certain services | have to be hosted for each | |
SaaS functions can be used, such as dynamic registration of a new tenant (IAMaaS). | Misconfiguration can lead to data being shared across use cases | |
Selected data / master data can be shared across tenants. | The evaluation of the security roles can be slow depending on the use case and data amount. | |
Data is further divided. The risk of accidentally sharing data with other tenants is mitigated. | ||
Complex use cases can be configured. |
...
All the described deployment scenarios can be combined. This allows you to find the best combination for your use cases. It’s also possible to migrate from one deployment scenario to another. But be aware that even though this is possible, it’s not an easy task to do. So be sure to select the ideal scenario for your use case.
Things to consider
Authentication
Each App Customer and each separate instance has its own Identity Provider and therefore its own user base. Especially when using the system as an IdP, this has major implications as usually a relying party only has one IdP associated. Let’s assume you have an customer relationship portal where both employee as well as customers should have access to. You could seperate the customers in one AppCustomer and the employees into another AppCustomer, giving you a clear seperation of the data. For the customer relationship portal you are now facing the challenge, that the portal only has one IdP. So you need to either choose the customer AppCustomer and configure a federation for the employees or combine both user groups in one AppCustomer.