amazon-web-services aws-amplify

Create Cognito User Pools on registration


I have a web app with AWS Amplify for the backend and Cognito for the authentication. I want to achieve a multi-tenant app.

So a user fills out a registration form and then it should create a separate user pool and assign this user to it.

When logging in you should provide the tenant id. (Similar to Slack with the workspaces.) Inside a user pool there should be different roles like legal, admin, appuser, webuser.

I am struggling with creating a user pool... Is there an easy way or a better way to achieve my goal?

Thanks!


Solution

  • Rather than a separate user pool for each tenant, you could consider a custom attribute for each user, e.g. tenant-id.

    At registration time the user is assigned his tenant-id, which can be provided from a list, cookie, url, or other means.

    This value can then be consulted to provide the user access and data based on their assigned tenant-id.

    The challenge with your approach is that the designated user pool for each tenant does not exist initially, making the first registration process dependent on a nonexistent user pool. This seems like an antipattern for using Cognito. If you start with a global user pool, then spawn a new user pool, the user would have two identities in two user pools.

    Alternatively, you could pre-build a custom user pool for each tenant in advance as part of initial tenant provisioning, and use the appropriate user pool for each registration, including the first user.

    NB Maximum number of user pools per account is 1,000. This can be increased on request.
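
The tenant-id check suggested in the answer above, as an added example that is not part of the original answer: a backend function that decides access from the claims of an ID token whose signature has already been verified. It assumes the attribute surfaces in the token as `custom:tenant-id`, that the roles from the question are modelled as Cognito groups, and that `authorize`, the resource shape and all sample values are hypothetical.

```javascript
// Added example: tenant and role check over claims from an already verified
// Cognito ID token. Attribute name, group names and tenants are assumptions.
const TENANT_CLAIM = "custom:tenant-id"; // custom attributes carry the "custom:" prefix

function authorize(claims, resource, allowedRoles) {
  // Custom attributes are carried in the ID token; an access token has none,
  // so anything that is not an ID token is rejected instead of defaulted.
  if (!claims || claims.token_use !== "id") {
    return { allowed: false, reason: "not_an_id_token" };
  }
  const tenant = claims[TENANT_CLAIM];
  if (typeof tenant !== "string" || tenant.length === 0) {
    return { allowed: false, reason: "missing_tenant" };
  }
  // The tenant is taken from the token only, never from a request parameter.
  if (tenant !== resource.tenantId) {
    return { allowed: false, reason: "tenant_mismatch" };
  }
  const groups = Array.isArray(claims["cognito:groups"]) ? claims["cognito:groups"] : [];
  if (!groups.some((g) => allowedRoles.includes(g))) {
    return { allowed: false, reason: "role_not_allowed" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample claims and resource (not real tokens or data).
const legalUser = { token_use: "id", sub: "user-1", "custom:tenant-id": "acme", "cognito:groups": ["legal"] };
const otherTenantAdmin = { token_use: "id", sub: "user-2", "custom:tenant-id": "globex", "cognito:groups": ["admin"] };
const webUser = { token_use: "id", sub: "user-3", "custom:tenant-id": "acme", "cognito:groups": ["webuser"] };
const accessToken = { token_use: "access", sub: "user-1", "cognito:groups": ["admin"] };
const contract = { tenantId: "acme", id: "contract-42" };

function demo() {
  // Only members of "legal" or "admin" in the owning tenant may read the contract.
  return [legalUser, otherTenantAdmin, webUser, accessToken].map(
    (c) => authorize(c, contract, ["legal", "admin"]).reason
  );
}

console.log(demo());
```

For this check to mean anything, the app client must not have write permission on the tenant attribute; otherwise a signed-in user can change their own value. Set it from a trusted path such as an admin API call during tenant provisioning.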