By: AJ AJ user 25 Jun 2021 at 10:46 a.m. CDT

Hi, I am interested to know if there is a way to manage users by logically separating them, and also scoping them to a particular OIDC client. E.g.: within a company there are several organizations, and each organization will have its own schema for the user record. Is it possible to achieve this? Secondly, we want to only provide access to a logically separated user store via SCIM to authorised OIDC clients. Is there a way to achieve this via Custom Scripts? One idea was to enable a check in the SCIM Custom Script by checking a claim on the JWT which will be used as the bearer token to access SCIM. If the claim matches an attribute on the user record, allow that record and filter the rest. But we were not able to get hold of the access token in the custom script for SCIM. Is it possible to achieve this?
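The tenant-scoping idea in the post above, as an added stand-alone Python sketch (not Gluu's SCIM script API and not the poster's code): the bearer JWT's signature is verified before its claim is trusted, and the claim value then filters user records by a matching attribute. The claim name, attribute name, HS256 secret and user list are constructed assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret: in a real deployment the token would be validated
# against the issuer's keys, not a shared secret embedded in a script.
SHARED_SECRET = b"demo-hs256-secret"


def b64url_decode(segment: str) -> bytes:
    """Decode base64url without padding (JWT segments omit '=')."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims only if the HS256 signature checks out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # refuse 'none' and other algorithms
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # malformed segments, bad base64 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def scope_scim_results(users, token, secret=SHARED_SECRET, claim="org", attribute="org"):
    """Keep only users whose attribute equals the token's claim; no valid claim -> nothing."""
    claims = verify_hs256(token, secret)
    if not claims or claim not in claims:
        return []  # fail closed: an unverifiable or unscoped token sees no records
    return [u for u in users if u.get(attribute) == claims[claim]]


def make_token(claims: dict, secret=SHARED_SECRET) -> str:
    """Mint a demo HS256 token so the example runs offline."""
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload_b64 = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


# Constructed sample user records, one "org" attribute per tenant.
USERS = [
    {"userName": "alice", "org": "org-a"},
    {"userName": "bob", "org": "org-b"},
    {"userName": "carol", "org": "org-a"},
]
```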

By Michael Schwartz Account Admin 25 Jun 2021 at 2:40 p.m. CDT

These are interesting questions... it seems you are trying to achieve multi-tenancy with one Gluu instance. This is a feature that a lot of customers have been asking for over the years. We have a back-of-the-envelope design to support it (see attached png). I think the script approach would be kind of hacky at scale. It would be worthwhile to have a conversation about this.