Site Home
Guides
LoginTry for Free

Frequently Asked Questions (FAQ)

What is a Tenant in Wristband?

In Wristband, a tenant is an isolated logical boundary that represents a customer, organization, or business unit. Tenants let you build multi-tenant applications with scoped data access, tenant-specific policies, and custom authentication experiences.

Wristband handles multi-tenancy through two core pillars:

1. Strict Isolation

Every user belongs to a specific tenant. This prevents cross-tenant data leaks and privilege escalation by keeping identity, authorization, and user data scoped to the correct tenant.

  • Sand-boxed Entities: User accounts and related data are logically separated by tenant. For example, two users can share the same email address as long as they belong to different tenants.
  • Scoped Policies: Authorization rules and identity management settings are scoped at the tenant level.

2. Deep Customization

Different business customers often have different security, branding, and identity requirements. Wristband lets you configure tenants independently using a hierarchical configuration model.

  • Custom Security: Configure multi-factor authentication (MFA), password complexity, and single sign-on (SSO) settings per tenant.
  • Tailored Branding: Give each tenant its own custom domain, color scheme, and UI branding for a white-labeled authentication experience.

How is Tenant data isolated?

Wristband uses logical isolation, also known as a shared-database multi-tenant architecture. Tenants share the same underlying database instance, but tenant-specific data remains isolated by tenant.

Data Separation Mechanism

Wristband separates tenant data using tenant identifiers and query-level filtering.

  • Discriminator Column: Every tenant-specific database row contains a unique tenant identifier.
  • Query Filtering: Database queries use the tenant identifier to restrict data visibility to the active tenant.
  • Resource Efficiency: Shared database infrastructure reduces operational cost and simplifies database management.

Who enforces authorization decisions?

Authorization responsibilities depend on the type of resource being accessed.

Resource typeEnforced byHow it works
Wristband-managed resources, such as users, tenants, roles, and other identity objectsWristband APIWristband evaluates every API request and verifies that the authenticated principal has the required predefined permissions before granting access.
Application-managed resources, such as your business data and application featuresYour applicationYour application enforces authorization decisions. Wristband provides custom roles and permissions through API responses and JSON Web Token (JWT) claims, which your application can use to implement its authorization logic.

This shared responsibility model lets Wristband secure identity resources while your application controls authorization for domain-specific resources and business logic.

Are embeddable UI widgets available on Wristband?

Wristband does not support prebuilt embedded front-end widgets.

Authentication UI Options

Choose one of two strategies to handle the user authentication experience:

  • Hosted UI Pages: Use Wristband's ready-to-use hosted login and registration pages.
  • Custom Page URLs: Direct authentication workflows to your self-hosted UI pages while managing the backend flow with Wristband APIs.

How can I migrate existing users into Wristband?

You can migrate user data into Wristband with programmatic methods.

  • User APIs: Import users by sending user data directly to Wristband's user endpoints.
  • Python Script: Upload bulk user records from CSV files with the Wristband user import script.

Key Limitation

Wristband does not support importing existing password hashes from legacy systems.

Migration Workaround

Handle passwords during each imported user's first interaction with your application.

  1. Detect Missing Passwords: Configure the login flow to identify imported users who do not have an active password.
  2. Trigger a Password Reset: Prompt the user during their first login attempt to start the password reset workflow.

How can I export users from Wristband?

You can retrieve your data from Wristband using one of two paths, depending on the complexity of your export.

  • Self-Service CSV Export: Export your data to CSV with Wristband's export script.
  • Support-Assisted Migration: Contact Wristband support for help with complex or full-scale data exports.