How to Set up Identity Platform multi-tenancy?
--
Why Identity Platform multi-tenancy?
- Cost savings: By allowing multiple organizations to share a single instance of the platform, the cost of hardware, software, and maintenance can be shared, resulting in significant cost savings.
- Scalability: Multi-tenancy allows the platform to easily scale up or down to meet the needs of each organization, without requiring separate instances or servers.
- Security: By separating each organization’s data and users, multi-tenancy helps to ensure that data and resources are kept secure and private.
- Customization: Multi-tenancy allows each organization to customize their own settings, branding, and user experience, without impacting other organizations.
What is the advantage of multi-tenancy?
Multi-tenancy is a key advantage of Identity Platforms, as it allows multiple organizations to share resources and benefit from economies of scale, while maintaining their own unique requirements and data privacy.
What is Identity Platform multi-tenancy?
Identity Platform lets you add Google-grade authentication to your apps and services, making it easier to secure user accounts and securely manage credentials.
Multi-tenancy takes this concept one step further. Using tenants, you can create unique silos of users and configurations within a single Identity Platform project. These silos might represent different customers, business units, subsidiaries, or some other division. Multi-tenancy is most commonly used in business-to-business (B2B) apps.
Understanding tenants
You can use Identity Platform tenants to establish a data isolation boundary between resource hierarchies. Each tenant has its own:
- Unique identifier
- Users
- Identity providers and authentication methods
- Auditing and IAM configuration
- Quota allocation
- Identity Platform usage breakdown
This allows tenants to operate autonomously from one another, with different configurations and users, even though they are part of the same project.
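Because all tenants share one project, a backend has to check the tenant recorded in each ID token before serving tenant data. The sketch below is an added example, not code from the original post or from Google. It assumes the claims were already signature-verified by your token library, and the project ID, host names and tenant IDs are constructed placeholders.

```python
# Added example: enforce the tenant boundary on the server side.
# Assumes `claims` came from an ID token whose signature and expiry were
# already verified. All IDs and host names below are constructed placeholders.
PROJECT_ID = "example-project"

# Hypothetical routing table: customer-facing host -> Identity Platform tenant ID.
HOST_TO_TENANT = {
    "acme.example.com": "acme-x1y2z",
    "globex.example.com": "globex-a9b8c",
}


class TenantMismatch(Exception):
    """The token is valid for the project but not for the requested tenant."""


def authorize_for_host(claims, host):
    """Return the user's uid if the token belongs to the tenant serving `host`."""
    expected = HOST_TO_TENANT.get(host.lower())
    if expected is None:
        raise TenantMismatch(f"no tenant configured for host {host!r}")
    # aud and iss name the project, so they are identical for every tenant.
    if claims.get("aud") != PROJECT_ID:
        raise TenantMismatch("token audience is not this project")
    if claims.get("iss") != f"https://securetoken.google.com/{PROJECT_ID}":
        raise TenantMismatch("unexpected issuer")
    # Only firebase.tenant tells tenants apart; project-level users lack it.
    firebase = claims.get("firebase")
    tenant = firebase.get("tenant") if isinstance(firebase, dict) else None
    if tenant != expected:
        raise TenantMismatch(f"token tenant {tenant!r} != expected {expected!r}")
    return claims["sub"]


def sample_claims(uid, tenant=None):
    """Build constructed claims shaped like a decoded Identity Platform ID token."""
    firebase = {"sign_in_provider": "password"}
    if tenant is not None:
        firebase["tenant"] = tenant
    return {
        "iss": f"https://securetoken.google.com/{PROJECT_ID}",
        "aud": PROJECT_ID,
        "sub": uid,
        "firebase": firebase,
    }
```

A token issued for one tenant, or for a project-level user with no tenant claim, is rejected on another tenant's host even though its audience and issuer are valid.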
Supported sign-in methods
Identity Platform tenants support many of the same authentication methods as non-tenant instances of Identity Platform. Currently, supported providers include:
- Email/password
- Social Providers (such as Google, Microsoft, and LinkedIn)
- SAML Federation
- OpenID Connect Federation
Reference link to follow the process
📌Enable multi-tenancy and create a tenant
📌Create sign-in page for multiple tenants
📌Migrate existing users to a tenant
📌Manage tenants programmatically
Follow these steps to complete the setup:
Log in at https://console.cloud.google.com/
View All products -> Tool -> Identity Platform
Enable multi-tenancy
- In the Google Cloud console navigation menu, go to Identity Platform > Settings.
- Click the Security tab.
- Click Allow tenants.
Clicking this button enables multi-tenancy and takes you to the Tenants page.
Create a tenant
- If you are not on the Tenants page, go to the Tenants page.
- Click Add Tenant.
- In the Name field, type firsttelnet.
- Click Save.
Selecting a tenant
You can select a tenant to view and manage its Identity Platform configuration.
By default, the Google Cloud console shows you your project’s Identity Platform configuration. To view and manage the Identity Platform configuration for a specific tenant, do the following:
- Click Scope to a tenant.
- Click firsttelnet
- You are now viewing the Identity Platform configuration for firsttelnet. You can manage this tenant the same way you manage a non-tenant Identity Platform project.
User account linking offers two options: link accounts that use the same email, or create multiple accounts for each identity provider. User actions let you enable create and delete. The screenshots below show these settings.
Security:
Identity providers in the project, with authorized domains and the option to add other domains.
Triggers:
Providers:
MFA (Multi-Factor Authentication):
User:
Do more with the Identity Platform
Identity Platform multi-tenancy
Learn more about how Identity Platform multi-tenancy works, and what you can do with it.
Sign in a user with an email by using the Identity Platform
Learn how to use Identity Platform to sign in a user with an email and password.
Clean up:
To avoid incurring charges to your Google Cloud account for the resources used in this walkthrough, follow these steps.
Delete the tenant you created for this tutorial:
- Go to the Tenants page.
- In the tenant selector, select None (core-photon-372612).
- Find firsttelnet in the tenants table, then click Delete tenant in that row.
- In the dialog box that appears, click Confirm.
Optionally, you can disable multi-tenancy in your project:
- Click Activate Cloud Shell to open a terminal window.
- Run the following command in the Cloud Shell terminal:
curl -X PATCH \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H 'Content-Type: application/json' \
  -H 'X-Goog-User-Project: core-photon-372612' \
  -d '{"multi_tenant": {"allow_tenants": false}}' \
  "https://identitytoolkit.googleapis.com/admin/v2/projects/core-photon-372612/config?update_mask=multi_tenant.allow_tenants"
Conclusion :
Setting up multi-tenancy on the Google Cloud Platform involves creating and managing multiple isolated environments, each with its own set of resources and access controls. You can set up multi-tenancy on the Google Cloud Platform, enabling multiple tenants to work within a shared environment while maintaining the security and isolation of their resources.
About me — I am working as a Senior Google Cloud Architect with 14 years of experience in the IT industry. I am also a multi-cloud certified professional, along with HashiCorp (10x GCP).
Currently providing end-to-end Google Cloud solutions to vendors, customers and stakeholders for their digital transformation journey from on-prem to Google Cloud.
If you have any questions, you can reach out to me on
Telegram: https://t.me/growwithgcp
Twitter: https://twitter.com/bgiri_gcloud
Instagram: https://www.instagram.com/google_cloud_trainer/
LinkedIn: https://www.linkedin.com/in/biswanathgirigcloudcertified/
Facebook: https://www.facebook.com/biswanath.giri
and DM me:) I am happy to help!!
You can also schedule 121 discussions with me on topmate.io/gcloud_biswanath_giri for any Google Cloud-related query and concerns:😁