Frequently Asked Questions (FAQ)
What is a tenant?
In Wristband, a tenant represents a distinct customer, organization, or business unit within a multi-tenant application. Wristband treats tenants as first-class entities.
- Strict isolation: Every user must belong to a specific tenant. Identity management, authorization policies, and data access are scoped at the tenant level to prevent cross-tenant data leakage or privilege escalation.
- Customization: Tenants are independently configurable. You can customize security policies, such as multi-factor authentication (MFA), password complexity, and single sign-on (SSO), as well as UI branding for each tenant.
How are tenants isolated from each other?
Wristband uses a logical isolation architecture, also known as a shared-database multi-tenant model.
Tenants share the same underlying database instance, but their data is separated using a unique tenant identifier discriminator column on each relevant database row.
Authorization & Access Control
Who enforces authorization decisions?
Authorization responsibilities depend on the type of resource being accessed.
| Resource type | Enforced by | How it works |
|---|---|---|
| Wristband-managed resources, such as users and tenants | Wristband API | Wristband evaluates every API request to verify that the authenticated principal has the required predefined permissions. |
| Application-managed resources, such as your domain data and application features | Your application | Your application enforces authorization locally. Wristband supports custom roles and permissions, which your application can access through API responses or JSON Web Token (JWT) claims. |
UI, Integration, & Data Migration
Are there prebuilt widgets or components for embedding into a frontend?
No. Wristband does not currently support embedded frontend widgets. Instead, you can choose one of two options for the user experience:
- Hosted UI pages: Use Wristband's out-of-the-box hosted authentication pages.
- Custom Page URLs: Route workflows to your self-hosted UI pages and manage the underlying authentication flow with Wristband APIs.
How do we migrate data into Wristband?
You can import users programmatically using Wristband's User APIs or a Python script that processes CSV files.
Wristband does not support importing existing password hashes. As a workaround, configure the login flow to detect users without a password and prompt them to complete a password reset during their first login.
How do we migrate data out of Wristband?
You can export your data to CSV using Wristband's export script.
For complex or full-scale migrations, contact Wristband support for assistance.
Updated 16 days ago