Multi-tenancy, facilitated by the multi-tenant “auth mode”, allows you to run multiple Dittofeed workspaces on a single instance of Dittofeed. These workspaces allow you to isolate data for different customers, and can be managed programmatically.

The multi-tenant auth mode also provides separate workspace member accounts, which can log into Dittofeed using their own credentials and permissions.

The multi-tenant auth mode is only available in dittofeed-ee, and Dittofeed cloud. See dittofeed-ee for more information on installing dittofeed-ee.

Setup

Multi-tenancy utilizes OIDC (OpenID Connect) for authentication. To enable multi-tenancy, you will need to configure an OIDC provider.

Auth0

In order to configure Auth0 as an OIDC provider for multi-tenancy, use the following environment variables.

.env
OPEN_ID_CLIENT_ID='<your-auth0-client-id>'
OPEN_ID_CLIENT_SECRET='<your-auth0-client-secret>'
SECRET_KEY='<your-secret-key>'
AUTH_MODE='multi-tenant'
AUTH_PROVIDER='auth0'
SIGNOUT_URL='/dashboard/signout'
# Example: https://dittofeed.us.auth0.com/
OPEN_ID_ISSUER='https://<your-auth0-domain>.auth0.com/'
OPEN_ID_AUTHORIZATION_URL='https://<your-auth0-domain>.auth0.com/authorize'
OPEN_ID_TOKEN_URL='https://<your-auth0-domain>.auth0.com/oauth/token'
OPEN_ID_USER_INFO_URL='https://<your-auth0-domain>.auth0.com/userinfo'

Configuring Auth0

In auth0 create a Regular Web Application.

Then in the settings of the application, (https://manage.auth0.com/dashboard/us/dittofeed/applications/<application-id>/settings) take the following actions.

  • Copy the Client ID which will be used as the OPEN_ID_CLIENT_ID.
  • Copy the Client Secret which will be used as the OPEN_ID_CLIENT_SECRET.
  • Add a callback URL of the form https://<your-dittofeed-instance>/dashboard/oauth2/callback.
  • Add a Logout URL of the form https://<your-dittofeed-instance>/dashboard/signout/complete.
  • Add an Allowed Web Origins of the form https://<your-dittofeed-instance>.
  • Allow Cross-Origin Authentication.
  • Click Save Changes.

Generating a Secret Key

See our documentation on Authentication Modes for instructions on how to generate a new SECRET_KEY.