Multi-Tenancy

Multi-tenancy is a design pattern in which one deployment of a system serves many separate tenants. Each tenant, typically an organization, business unit, or brand, operates as if it has its own dedicated instance, with its own users, configuration, branding, and access policies. Under the surface, all tenants share the same infrastructure, application code, and, often, the same database with logical separation between tenant data.

The alternative is single-tenancy, where each customer gets a physically separate deployment. Multi-tenancy is more resource-efficient and simpler to operate at scale, but it demands strict isolation controls to prevent data leakage between tenants.

Key isolation boundaries include data partitioning (ensuring one tenant’s queries never return another tenant’s records), authentication separation (distinct login configurations per tenant), and authorization scoping (roles and permissions that are meaningful only within one tenant).

For CIAM, multi-tenancy is essential for platforms that serve B2B customers, SaaS providers, or organizations managing multiple brands, each needing its own identity configuration under a shared system.