将项目级用户分配给多个租户 [英] Assign project-level user to multiple tenants

问题描述

在 Google Identity Platform 文档中找不到任何明确描述是否可以将单个用户分配给多个租户的地方.请参阅 https://cloud.google.com/identity-platform/docs/multi-tenancy-managing-tenants

Cannot find anywhere on Google Identity Platform docs that clearly describe whether it's possible to assign a single user to multiple tenants. see https://cloud.google.com/identity-platform/docs/multi-tenancy-managing-tenants

我的项目需要能够让单个用户登录到多个独立的租户.目前，我必须在我希望能够登录的每个租户上创建一个新用户.这不好，因为我创建的每个新用户都有不同的 uid 和单独的密码管理.对于单个用户，我希望能够跨租户维护相同的 uid，以便关联的用户数据也可以保持一致.

My project needs the capability to have a single user be able to login to multiple, separate tenants. Currently, I have to create a new user on every tenant I want to be able to login to. This is not good because each new user I create has a different uid and separate password management. For a single user, I want to be able to maintain the same uid across tenants so the associated user data can be consistent as well.

我在想有什么方法可以在项目级别(而不是租户级别)创建用户，然后将该用户分配给特定租户?

I was thinking there would be some way to create a user at the project level (not tenant level) and then assign that user to specific tenants?

一些随意的想法:文档说了一些关于在租户之间迁移用户的事情，也许这是一种方式.还想过使用我现有的项目级 uid 创建租户用户会以某种方式合并它们，因此 uid 和密码管理是相同的?

Some random thoughts: The docs say some things about migrating users between tenants, perhaps that is one way. Also was thinking that creating a tenant user with my existing project-level uid would somehow merge them so the uid and password management is the same?

我发现这个概念性讨论很有帮助:https://softwareengineering.stackexchange.com/questions/403274/multitenancy-with-cross-tenant-users我从该链接中收集到的是，SSO 与多租户是分开的.所以我试图在多租户谷歌 idp 之上找出一个 SSO 解决方案.关于如何在多租户谷歌身份平台上添加 SSO 的任何代码解决方案/建议?

I found this conceptual discussion to be helpful: https://softwareengineering.stackexchange.com/questions/403274/multitenancy-with-cross-tenant-users what I gathered from that link is that SSO is separate from multi-tenancy. So I'm trying to figure out an SSO solution on top of multi-tenancy google idp. Any code solutions/suggestions for how to add SSO on top of multi-tenant google identity platform?

推荐答案

如果您需要跨租户的相同用户，也许您应该依赖用户电子邮件、自定义声明、联合 ID(例如.user.providerData[0].uid).当您获得用户的 ID 令牌时，无论租户或 user.uid 是什么，您都可以访问相同的信息.

If you need the same user across tenants maybe you should instead rely on the user email, custom claims, federated ID (eg. user.providerData[0].uid). When you get an ID token for the user you have access to this same information regardless of the tenant or user.uid.

这篇关于将项目级用户分配给多个租户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！