Is it possible to define different sets of roles for a single user working for two companies?

Hi,
I have a system where right now a user can work in different contexts: in the same client application he can switch his context and work either for company1 as “Admin” or, if he switches to the second context, he would work as “Editor” for company2…
Is it possible to assure the same kind of thing in Keycloak?

Could anyone make a suggestion or point me in the right direction?

For 2 companies you can go for 2 realms.
But then you will be creating 2 user accounts with the same username for those 2 realms. Is there any problem in that?

What you’re essentially suggesting is per organization roles to create a kind of multi-tenant support. There are a lot of discussions here around how to do that, but no perfect answer. A lot of people use nested groups, where the top-level group is the organization, and the nested group is the “role” within that organization. Assigning a user to multiple nested groups can be used to grant them permissions with organizations.

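The nested-group layout described in the last reply, shown as an added example that is not part of the original thread: an application resolves per-organization roles from group paths and checks the role for the context the user switched to. It assumes the verified token carries a `groups` claim with full paths such as `/company1/Admin`; the claim name, the group names and the helper functions are assumptions for illustration.

```python
# Added example: per-organization roles derived from nested group paths.
# Assumes a "groups" claim holding full paths like "/company1/Admin"
# (claim name, group names and role names are assumptions).
from collections import defaultdict

KNOWN_ROLES = {"Admin", "Editor"}  # the two roles named in the question


def roles_by_org(claims):
    """Map organization -> set of roles from '/<org>/<role>' group paths."""
    groups = claims.get("groups", [])
    if not isinstance(groups, list):
        return {}
    result = defaultdict(set)
    for path in groups:
        if not isinstance(path, str) or not path.startswith("/"):
            continue  # not a full group path; ignore rather than guess
        parts = path[1:].split("/")
        # Exactly two levels: organization, then role. Membership in the
        # top-level group alone, or deeper nesting, grants nothing.
        if len(parts) != 2 or not all(parts):
            continue
        org, role = parts
        if role in KNOWN_ROLES:
            result[org].add(role)
    return dict(result)


def is_allowed(claims, active_org, required_role):
    """Check a role in the context the client says it switched to.

    active_org arrives with the request, so it is used only as a lookup
    key into what the verified token grants, never as a grant itself.
    """
    return required_role in roles_by_org(claims).get(active_org, set())


# Constructed sample: claims from a token whose signature was already verified.
SAMPLE_CLAIMS = {
    "preferred_username": "alice",
    "groups": ["/company1/Admin", "/company2/Editor", "/company3", "Admin"],
}

if __name__ == "__main__":
    print(roles_by_org(SAMPLE_CLAIMS))
    print(is_allowed(SAMPLE_CLAIMS, "company2", "Admin"))
```

The bare `Admin` entry and the organization-only `/company3` entry in the sample are ignored, so a role held in one organization never carries over to another.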