Frequently Asked Questions (FAQ)

What is a tenant?

In Wristband, a tenant represents a distinct customer, organization, or business unit within a multi-tenant application. Wristband treats tenants as first-class entities.

  • Strict isolation: Every user must belong to a specific tenant. Identity management, authorization policies, and data access are scoped at the tenant level to prevent cross-tenant data leakage or privilege escalation.
  • Customization: Tenants are independently configurable. You can customize security policies, such as multi-factor authentication (MFA), password complexity, and single sign-on (SSO), as well as UI branding for each tenant.

How are tenants isolated from each other?

Wristband uses a logical isolation architecture, also known as a shared-database multi-tenant model.

Tenants share the same underlying database instance, but their data is separated using a unique tenant identifier discriminator column on each relevant database row.

Authorization & Access Control

Who enforces authorization decisions?

Authorization responsibilities depend on the type of resource being accessed.

Resource typeEnforced byHow it works
Wristband-managed resources, such as users and tenantsWristband APIWristband evaluates every API request to verify that the authenticated principal has the required predefined permissions.
Application-managed resources, such as your domain data and application featuresYour applicationYour application enforces authorization locally. Wristband supports custom roles and permissions, which your application can access through API responses or JSON Web Token (JWT) claims.

UI, Integration, & Data Migration

Are there prebuilt widgets or components for embedding into a frontend?

No. Wristband does not currently support embedded frontend widgets. Instead, you can choose one of two options for the user experience:

  • Hosted UI pages: Use Wristband's out-of-the-box hosted authentication pages.
  • Custom Page URLs: Route workflows to your self-hosted UI pages and manage the underlying authentication flow with Wristband APIs.

How do we migrate data into Wristband?

You can import users programmatically using Wristband's User APIs or a Python script that processes CSV files.

Wristband does not support importing existing password hashes. As a workaround, configure the login flow to detect users without a password and prompt them to complete a password reset during their first login.

How do we migrate data out of Wristband?

You can export your data to CSV using Wristband's export script.

For complex or full-scale migrations, contact Wristband support for assistance.




Did this page help you?