Frequently Asked Questions (FAQ)
What is a tenant?
Wristband is an authentication platform purpose-built for multi-tenant applications, with tenants modeled as first-class entities within the system. Every user in Wristband must be associated with a tenant, enabling strict logical isolation between users. This isolation ensures that data access, identity management, and authorization policies are scoped to a specific tenant, preventing cross-tenant data leakage or privilege escalation. Each tenant is independently configurable, supporting per-tenant customization of security policies (e.g., password complexity, MFA requirements, SSO) and UI branding, enabling applications to deliver fully tailored authentication experiences per tenant.
How are tenants isolated from each other?
Tenants are logically isolated from each other. They share the same database instance, and each tenant's data is kept separate by a tenant identifier discriminator column.
Who enforces authorization (RBAC) decisions?
For resources managed by Wristband, such as users and tenants, Wristband enforces authorization policies at the API level. Each API request is evaluated to ensure that the authenticated principal has the necessary permissions to access the requested data or perform the specified operation. Wristband offers a comprehensive set of predefined permissions for its managed resources, enabling administrators to configure fine-grained access control for users.
For resources managed by your application, authorization checks must be handled within the application itself. Wristband supports defining custom roles and permissions that align with your application's domain entities and functionality. These roles can be assigned to Wristband users and clients. Your application can then use Wristband’s APIs or token claims to determine the roles and permissions associated with the authenticated principal, and perform local authorization checks based on that information.
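One way to implement the local check in Python, added here as an example and not Wristband code. The claim names `tenant_id` and `permissions`, the `Invoice` resource and the permission strings are assumptions, and the claims are taken to come from a token whose signature, issuer, audience and expiry were already verified.

```python
from dataclasses import dataclass

# Hypothetical claim names: the page does not specify the token layout.
TENANT_CLAIM = "tenant_id"
PERMS_CLAIM = "permissions"


@dataclass(frozen=True)
class Invoice:
    """Application-owned resource (constructed for this example)."""
    id: str
    tenant_id: str


class AuthorizationError(Exception):
    """Raised whenever a request must be denied."""


def authorize(claims: dict, resource: Invoice, required: str) -> None:
    """Deny by default: raise unless tenant and permission both match."""
    tenant = claims.get(TENANT_CLAIM)
    perms = claims.get(PERMS_CLAIM)
    # Missing or malformed claims are a denial, never an implicit allow.
    if not isinstance(tenant, str) or not tenant:
        raise AuthorizationError("token carries no tenant")
    if not isinstance(perms, list):
        raise AuthorizationError("token carries no permission list")
    # Tenant first: a permission only has meaning inside its own tenant.
    if tenant != resource.tenant_id:
        raise AuthorizationError("cross-tenant access denied")
    if required not in perms:
        raise AuthorizationError(f"missing permission {required}")


def is_allowed(claims: dict, resource: Invoice, required: str) -> bool:
    """Boolean wrapper for call sites that branch instead of raising."""
    try:
        authorize(claims, resource, required)
    except AuthorizationError:
        return False
    return True


# Constructed sample data
INVOICE = Invoice(id="inv-1", tenant_id="tenant-a")
ALICE = {"sub": "u1", "tenant_id": "tenant-a", "permissions": ["invoice:read"]}
MALLORY = {"sub": "u2", "tenant_id": "tenant-b", "permissions": ["invoice:read", "invoice:write"]}
```

The type check on the permission list matters: if the claim arrived as a single string, `in` would do substring matching and could grant a permission the principal does not hold.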
Are there prebuilt widgets or components that can be embedded into our frontend code?
We prioritized our hosted UI pages for our out-of-the-box offering. We also allow you to host your own UI by configuring "Custom Page URLs," which enable you to take control of our workflows through API calls. As a result, we don't currently support an embedded widget.
How can we migrate data from our system into Wristband?
You can import users into Wristband using our user APIs. We also have a Python script that can be used to import users from a CSV file. Currently, we don't support importing existing password hashes, but our login flow can be configured to require users to reset their password if one is not already set.
What if I want to migrate my data out of Wristband?
If something isn't working for you, we'll go above and beyond to make your experience with us better. That said, we understand that sometimes you may have different needs. In that event, you can use this export script to export your data as a CSV. If you have more complex needs, please reach out to our support team, and we will assist you.