Guides

Multi-Tenancy Entity Model

Wristband's architecture enforces a strict hierarchical tenancy model.

Suggest Edits

To better leverage Wristband, it is important to understand the different types of entities you can interact with that represent the core of the platform. Those core entities are:

  • Applications
  • Tenants
  • OAuth2 Clients
  • Identity Providers
  • Users

Entity Hierarchy

The backbone of the Wristband entity hierarchy consists of: Applications > Tenants > Users.

Each tenant in Wristband has a unique tenant identifier (tenantId). Users must always be assigned to a tenant, and a single user cannot belong to multiple tenants, ensuring complete isolation and tenant-specific control over users.

Multi-Tenant Entity Model

Tenants and User Uniqueness

There are 3 fields within User entities that must be unique within a tenant:

  • email
  • username
  • externalId

User Uniqueness in a Tenant

Users in the same tenant can have the same email, username, and externalId values as long as they are provisioned in different identity providers.

For example, if Tenant A has a user with email [email protected] in the Wristband identity provider, creating another user with the same email in the same provider will fail due to a uniqueness violation.

Unique Users in Same Tenant Error

However, creating another user with the same email in the Google Workspace identity provider will succeed, as they are distinct entities.

Unique Users in Same Tenant Success

User Uniqueness Across Tenants

Users with the same email can exist in different tenants, even within the same identity provider. For instance, creating a user with [email protected] in Tenant B's Wristband identity provider will succeed, even if it exists in Tenant A.

Unique Users Across Tenants

Updated about 1 month ago