Identity Platform multi-tenancy
Identity Platform lets you add Google-grade authentication to your apps and services, making it easier to secure user accounts and securely manage credentials.
Multi-tenancy takes this concept one step further. Using tenants, you can create unique silos of users and configurations within a single Identity Platform project. These silos might represent different customers, business units, subsidiaries, or some other division. Multi-tenancy is most commonly used in business-to-business (B2B) apps.
Understanding tenants
You can use Identity Platform tenants to establish a data isolation boundary between resource hierarchies. Each tenant has its own:
- Unique identifier
- Users
- Identity providers and authentication methods
- Auditing and IAM configuration
- Quota allocation
- Identity Platform usage breakdown
This allows tenants to operate autonomously from one another, with different configurations and users, even though they are part of the same project.
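The tenant's unique identifier is what a backend should check to enforce that isolation boundary. The following is an added example, not code from the Identity Platform documentation: it assumes the ID token's signature has already been verified (for instance with the Firebase Admin SDK's verifyIdToken) and that the decoded claims are passed in; the hostnames, tenant IDs and user records are constructed sample values.

```javascript
// Added example: enforce the tenant isolation boundary on a backend.
// Assumes `claims` are the decoded claims of an ID token whose signature has
// ALREADY been verified (e.g. by the Admin SDK). Identity Platform places the
// tenant's unique identifier in the `firebase.tenant` claim of tokens issued
// for tenant users; a project-level (non-tenant) user has no such claim.

// Constructed mapping of customer hostnames to tenant IDs (sample values).
const HOST_TO_TENANT = {
  'acme.example.com': 'acme-tenant-abc12',
  'globex.example.com': 'globex-tenant-xyz99',
};

// Resolve which tenant a request is for from the host it was sent to.
function resolveTenant(host) {
  const tenant = HOST_TO_TENANT[String(host).toLowerCase()];
  if (!tenant) throw new Error(`unknown tenant host: ${host}`);
  return tenant;
}

// Returns { ok: true, uid, tenantId } when the token was issued by the tenant
// that owns `host`, otherwise { ok: false, reason }.
function authorizeForTenant(host, claims) {
  const expected = resolveTenant(host);
  const actual = claims && claims.firebase && claims.firebase.tenant;
  if (!actual) {
    return { ok: false, reason: 'token has no tenant claim (project-level user)' };
  }
  if (actual !== expected) {
    // Cross-tenant use of a valid token: the silos must stay separate.
    return { ok: false, reason: 'token belongs to a different tenant' };
  }
  return { ok: true, uid: claims.sub, tenantId: actual };
}

// Constructed decoded claims, shaped like what verifyIdToken returns.
const acmeUser = { sub: 'u-1', firebase: { sign_in_provider: 'password', tenant: 'acme-tenant-abc12' } };
const projectUser = { sub: 'u-2', firebase: { sign_in_provider: 'password' } };

console.log(authorizeForTenant('acme.example.com', acmeUser));    // accepted
console.log(authorizeForTenant('globex.example.com', acmeUser));  // rejected: other tenant
console.log(authorizeForTenant('acme.example.com', projectUser)); // rejected: no tenant claim
```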
Supported sign-in methods
Identity Platform tenants support many of the same authentication methods as non-tenant instances of Identity Platform. Currently supported providers include:
- Email/password
- Social Providers (such as Google, Microsoft, and LinkedIn)
- SAML Federation
- OpenID Connect Federation
Limitations
Identity Platform tenants don't support the following features:
- Disabling account linking
- Adding a blocking function specific to a given tenant
In addition, you can't disable user signup or user deletion from the Google Cloud console. However, you can configure these settings through the API.
What's next
- Enable multi-tenancy and create a tenant
- Sign in users with tenants
- Create a sign-in page for multiple tenants
- Migrate existing users to a tenant
- Manage tenants programmatically