I’m experimenting if keycloak is something for us.
We have multiple tenants for our education software SaaS.
The tenants have their own idP, so in every realm I configure an identity provider for them. And obviously I want to keep their users separated from other tenants users. That’s all fine.
But this is the kicker: our SaaS is comprised of multiple applications and api services.
They are all under our control. But all I can find now is that I have to create a client for every of our application in all the realms each with their own client id.
And also obviously then, all the applications need to be aware of all the clientids for every tenant using that particular app/service.
How can I have separate users per realm but share the client and maybe even share some users (our own management logins for example)?