Identity Platform multi-tenancy

Identity Platform lets you add Google-grade authentication to your apps and services, making it easier to secure user accounts and securely manage credentials.

Multi-tenancy takes this concept one step further. Using tenants, you can create unique silos of users and configurations within a single Identity Platform project. These silos might represent different customers, business units, subsidiaries, or some other division. Multi-tenancy is most commonly used in business-to-business (B2B) apps.

Understanding tenants

You can use Identity Platform tenants to establish a data isolation boundary between resource hierarchies. Each tenant has its own:

  • Unique identifier
  • Users
  • Identity providers and authentication methods
  • Auditing and IAM configuration
  • Quota allocation
  • Identity Platform usage breakdown

This allows tenants to operate autonomously from one another, with different configurations and users, even though they are part of the same project.
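Because tenants share one project, the isolation boundary is only as strong as the checks a backend performs on the tokens it receives. Identity Platform places the tenant ID of a tenant user in the `firebase.tenant` claim of the ID token; a user from the project's default (non-tenant) user pool has no such claim. The following is an added example, not code from the Identity Platform documentation or SDKs: it reads that claim and accepts a token only when it belongs to the tenant the backend serves. The tenant IDs and the unsigned tokens are constructed fixtures; in a real deployment the signature, issuer, audience and expiry are verified first (for example with the Admin SDK's `verifyIdToken`), and this tenant check runs on the already verified payload.

```python
import base64
import json
from typing import Optional

# Constructed placeholder tenant IDs; not values from the page.
EXPECTED_TENANT = "tenant-a-EXAMPLE"
OTHER_TENANT = "tenant-b-EXAMPLE"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def tenant_of(id_token: str) -> Optional[str]:
    """Return the tenant ID from the token's firebase.tenant claim.

    Returns None for a token issued to the project's non-tenant user pool.
    This function only parses the payload; it performs no signature check.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = json.loads(_b64url_decode(parts[1]))
    firebase_claims = payload.get("firebase", {})
    return firebase_claims.get("tenant")


def authorize_for_tenant(id_token: str, expected_tenant: str) -> bool:
    """Enforce the tenant boundary on an already-verified ID token.

    A token from another tenant, or from the default user pool, is rejected
    even though it was minted by the same Identity Platform project.
    """
    return tenant_of(id_token) == expected_tenant


def _make_unsigned_token(payload: dict) -> str:
    # Constructed test fixture: well-formed JWT with an empty signature segment.
    # Never accept such a token in production; it exists only so this example
    # runs offline.
    header = {"alg": "none", "typ": "JWT"}

    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    return f"{enc(header)}.{enc(payload)}."


# Three constructed tokens: right tenant, wrong tenant, and no tenant at all.
TOKEN_RIGHT_TENANT = _make_unsigned_token(
    {"sub": "user-1", "firebase": {"tenant": EXPECTED_TENANT, "sign_in_provider": "password"}}
)
TOKEN_OTHER_TENANT = _make_unsigned_token(
    {"sub": "user-2", "firebase": {"tenant": OTHER_TENANT, "sign_in_provider": "password"}}
)
TOKEN_NO_TENANT = _make_unsigned_token(
    {"sub": "user-3", "firebase": {"sign_in_provider": "password"}}
)

if __name__ == "__main__":
    for label, token in [
        ("same tenant", TOKEN_RIGHT_TENANT),
        ("other tenant", TOKEN_OTHER_TENANT),
        ("default user pool", TOKEN_NO_TENANT),
    ]:
        print(f"{label:18} tenant={tenant_of(token)!r:26} "
              f"accepted={authorize_for_tenant(token, EXPECTED_TENANT)}")
```

Comparing the claim against a tenant ID fixed in the backend's configuration, rather than trusting whichever tenant the token names, is what turns the project-level isolation into an enforced boundary: a credential obtained in one tenant silo is useless against a service that serves another.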

Supported sign-in methods

Identity Platform tenants support many of the same authentication methods as non-tenant instances of Identity Platform. Currently supported providers include:

  • Email/password
  • Social providers (such as Google, Microsoft, and LinkedIn)
  • SAML federation
  • OpenID Connect federation

Limitations

Identity Platform tenants don't support the following features:

  • Disabling account linking
  • Adding a blocking function specific to a given tenant

In addition, you can't disable user signup or user deletion from the Google Cloud console. However, you can configure these settings through the API.

What's next