Skip to main content

I'm wondering if there are any people here having experience with deploying the same application to different companies combined with the usage of the same IAM database.

What we're doing is that we deliver the same application to multiple companies. Due to the pricing plan we apply we are in control of the amount of users and what modules (roles) we let them use.

I currently don't know exactly how we could set up or use IAM to have one (only 1) system administrator per company that can manage their users, e.g. change permissions, but not adding new users or modules they don't have access to.

When taking a look at the Administrator roles (https://docs.thinkwisesoftware.com/docs/iam/administrators.html) and trying them out, it looks to me that they don't really apply to us.

Alternatively, we could build another application on top of IAM dealing with all these issues, but that's really something we don't want to do I guess?

Another alternative is to deploy per customer 1 IAM database, but that still doesn't solve the question about limiting the amount of users per customer.

Besides that, IAM is I think very difficult to understand for our end users that allows them way to much (e.g. changing the authentication type, which they absolutely should not).

I'm curious how others do this, please let me know :grinning: .

Hi René,

Currently, the module information is not synchronized to IAM. Because of this, it is not possible to limit individual applications to specific modules.

If you want to limit access to modules, you will need to deploy an IAM per company. Using a limited-module synchronisation or deployment, you can limit the roles that an administrator can use.

An administrator of the company can be configured for the role ‘Application owner', to grant roles to user groups. This administrator would not be able to modify the users.

Would this be a good solution?


Reply