Tenant Override System
Wristband's override system allows for customizing the authentication experience of individual tenants.
Wristband's configurations are built using a two-level hierarchical model. At the top of the hierarchy is the application, and at the bottom are the tenants. By default, tenants inherit the configurations from their parent application. However, tenant-level overrides can be enabled to alter the configurations on a per-tenant basis. This enables each tenant to have a customized authentication experience.
Identity Provider Tenant Override Example
To illustrate how Wristband's hierarchical configurations work, let's walk through an example where we want to configure different identity providers (IdPs) for some of our tenants, allowing those tenants to log in with their enterprise IdPs.
Application Configuration Inheritance
To start with, we'll only have the Wristband IdP enabled at the application level.
Figure 1. Illustration demonstrating the inheritance of IdP configs at the application level to child tenants.
In Figure 1, neither Tenant A nor Tenant B has overridden the default IdP settings. Therefore, they'll both inherit the IdP settings from the application. In this case, the application only has Wristband enabled as an identity provider, so users from both tenants can log in only using their Wristband-managed identity.
Tenant-Level Overrides
Now let's imagine that Tenant B wants to allow their users to authenticate using their Google Workspace identity. To do that, we can configure Google Workspace as an identity provider associated with Tenant B. Once the Google Workspace IdP is configured, we can then enable the identity provider override toggle for Tenant B.
Figure 2. Illustration showing how tenants can override inherited IdP settings from the application.
At this point, when users go to Tenant B's login page, they will now be presented with the option to log in using their Google Workspace identity instead of their Wristband-managed identity. However, Tenant A's login page would continue to inherit the IdP settings from the application since it doesn't have IdP overrides enabled.
Remember to Enable Tenant Override Toggles
Simply creating or updating tenant configurations doesn't cause them to become active. In order for a tenant-level configuration to take effect, its corresponding tenant override toggle must be enabled.
Updated 2 days ago