Guides

Why Wristband

Discover how Wristband solves multi-tenant authentication.

Suggest Edits

Wristband is a modern multi-tenant authentication platform for B2B SaaS. Using our APIs and prebuilt hosted pages, developers can build login pages and access controls for their customers in a matter of hours, not months. We free developers from the burden of managing complex multi-tenant authentication, enabling them to focus on their core product.


What Makes Wristband Different

Wristband's architecture and data model are purpose-built for multi-tenant authentication, authorization, and identity management. As a result, Wristband’s design has some significant differences from other authentication platforms.

User Isolation Per Tenant

Wristband’s model firmly adheres to the principle of tenant isolation. As such, all users must belong to a tenant, and all users within a tenant are logically isolated from users in other tenants.

Alt text

For B2B applications, this model offers the following benefits:

  1. Tenants have complete ownership over their users. In B2B applications, tenants typically represent organizations, and the users within each tenant are the organization’s employees. In this context, the organization is the primary authority for managing employee identities and oversees the entire lifecycle of each user.
  2. Prevents conflicts between user data. In a multi-tenant system, data in one tenant should not have side effects on data in other tenants. For example, if a user in tenant A has an email of [email protected]this should not prevent a user in tenant B from having the same email.
  3. Ensures that tenant-specific user data is not leaked across tenants. In models where a single user is shared across multiple tenants, extreme care is required to prevent the exposure of private user data between tenants. However, this risk is mitigated by maintaining separate users for each tenant.

Customizable Tenant Login Pages And Domains

In Wristband, each tenant has a unique login page. This allows tenants to customize the behavior of their login flows to satisfy their distinct business requirements. For example, tenants can configure the login methods that are enabled, define password complexity requirements, enforce MFA policies, and set up enterprise SSO.

In addition to customizing the behavior of the login flows, tenant login pages also support custom branding and custom domains. This allows each tenant login page to be completely white-labeled. For B2B companies, this branding flexibility is highly valuable, as customer organizations often want to maintain their branding within the software they use.

White Labeled Login Pages

Streamlined Tenant Discovery

One consequence of having separate login pages per tenant is that at the start of each login flow, users first need to specify the tenant they are logging into. This process is called Tenant Discovery. To streamline the Tenant Discovery process, Wristband provides multiple Tenant Discovery strategies as described below:

  1. Remembered Tenants: Wristband remembers the tenants a user has successfully logged into and displays those tenants to the user when they land on the login page. The user can then choose the tenant they want to log in to.
  2. Email Resolution: Users can provide their email address, and a list of tenants will be returned showing all the tenants that contained a user with a matching verified email.
  3. Tenant Vanity Domains: Each tenant has a unique vanity domain that can be used to go directly to the tenant's login page. Users can bookmark this URL, or applications can link directly to it to skip past the tenant discovery step.
Alt text

Tenant Discovery - Remembered Tenants

Seamless Cross-Tenant Authentication

When users successfully log in to a tenant, the created Wristband session is scoped to the tenant's vanity domain. The fact that sessions are scoped to the tenant allows for a user to have multiple tenant sessions active at the same time. This, in turn, enables users to easily switch between their tenants without re-authenticating.

Tenant Sessions

Easy to Manage Hierarchical Configurations

Wristband employs a hierarchical configuration model that allows developers to efficiently manage tenants at scale. Broad settings can be applied at the application level, with all tenants under that application inheriting these settings by default. However, to accommodate unique business needs, each tenant can customize its configuration by overriding inherited settings.

Hierarchical Configurations

Flexible Cross Tenant Administration

Wristband's permission model allows for granular cross-tenant administration. Using Wristband's permission boundaries, roles can be defined that permit users to access resources in a subset of tenants. Furthermore, Wristband's fine-grained permission model restricts users to specific actions within each tenant.


Alt text

Free Access To Enterprise Security Features

At Wristband, we believe security should never be restricted by a paywall. Whether you’re a large enterprise or a small startup, you deserve access to essential tools for securely authenticating your users. That’s why all of our security features, including MFA and SSO, are available in the free tier. By making security accessible to everyone, Wristband empowers companies to build secure software from day one.

Updated 2 days ago