Tenant Discovery

For multi-tenant applications, user login is a two-phase process. Tenant discovery is the first phase, and it is performed on the Application-level Login Page. The goal of the Application-level Login is to find the Tenant-level Login Page that the user needs to authenticate on.

Application-level Login URL for Wristband-hosted Pages

There are publicly available URLs where you can reach the Wristband-hosted Application-level Login Page for multi-tenant applications.

Wristband Vanity Domains

Let's say we had a Wristband application named "Your App" with an application domain name of yourapp. The login URLs would look like the following:

Custom Domains

If you had the custom domain auth.yourapp.io enabled for your application, the login URLs would look something like the following:

Supported Query Parameters

The URLs for the Wristband-hosted Application-level Login Page can support certain query params that will be processed and utilized by the Wristband platform. You can use the following query params for enhanced functionality:

Signup Link on Login Form

If Signup is enabled for your application, there is a Signup Action Link at the bottom of the Login Form on the Wristband-hosted Application-level Login Page.

The following is the expected mapping of the Application-level Login Page to Signup Action Link locations:

How to Discover Tenants

There are two ways in which a user can find their Tenant-level Login Page when interacting with the Application-level Login Page. The user can either enter their email address for a more consumer-like experience, or they can enter their tenant domain name for a direct path to their Tenant-level Login Page.

Note: You can customize which tenant discovery strategy your application users can perform by configuring the Tenant Discovery Workflow Policy in the Wristband Dashboard. By default, users will first see a form to enter their email address to discover their tenant, and there will also be a link button to let them toggle to using their tenant domain name instead. You have the option to reverse the order so that the tenant domain name strategy appears first instead. Alternatively, you can also configure the workflow policy to only allow for a single discovery strategy, in which case no link button will appear.

Using an Email Address

When you first land on the Application-level Login Page, the user is prompted to enter their email address. When using an email address, the login experience changes depending on how many users in Wristband exist across your application's tenants. If a user with the provided email address can be found only in one tenant for your application, then the user will be automatically redirected to that Tenant-level Login Page.

If a user with the provided email address can be found in two or more tenants for your application, then the user will be sent a Tenant Discovery email. When the user opens that email in their inbox, they will see an action button/link to click. Clicking on that will send them to the Wristband-hosted Tenant Discovery Page. From here, the user will see every tenant they belong to and can choose which Tenant-level Login Page to go to.

Using a Tenant Domain

If they want to enter their tenant domain name instead, they can click the link under the form input to change to that experience instead. Providing a tenant domain name will send the user directly to their Tenant-level Login Page.

If they want to go back to entering their email address instead, they can click the link under the form input to change back to that experience.