I'm working on an app with organization-specific user accounts. Users first select their organization before logging in with their credentials or via SSO. If someone is part of multiple organizations, they need a different authentication flow for each, and I'm using localStorage to manage active accounts. However, I've run into a challenge: AWS Cognito limits the number of user pools to 1000, and I initially thought creating a user pool for each organization was a good idea, but I've heard that's not recommended. I need advice on how to allow users to log into both OrganizationA and OrganizationB using the same email address, but without linking these accounts together.
2 Answers
That's a neat idea but it won't work for my scenario. I need to keep the identities completely separate. Different organizations may have different security requirements, like MFA or different SSO options, and linking them could create a security loophole. For instance, a user could bypass stricter rules by logging into a less secure account from another organization. We need to find a way to handle these separate login flows without compromising admin-set policies!
You could implement an 'organization switcher' in your app's UI. This feature would show users a list of all organizations they're members of when they're logged in, which allows them to switch contexts without needing to link their identities. You could manage everything within a single user pool as long as you ensure the external Identity Provider (IdP) can authenticate them into their unique accounts, keeping access control intact for different orgs. What do you think?
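An added example (not code from the question or either answer) of the org-switcher state this answer describes: one session per organization kept in localStorage, a switch that never merges identities, and a check that a token obtained under one organization's login policy cannot be filed under another. It assumes the single user pool stamps each org-scoped account with a `custom:org` attribute that appears as an ID-token claim; the tokens below are constructed and unsigned, and storage is injectable so it also runs outside a browser.

```javascript
const KEY = "orgSessions";

// Read JWT claims for UI decisions only; the API verifies the signature itself.
function decodeClaims(idToken) {
  let b64 = (idToken.split(".")[1] || "").replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(atob(b64));
}

class OrgSessions {
  constructor(storage) { this.storage = storage; }
  load() { return JSON.parse(this.storage.getItem(KEY) || '{"sessions":{},"active":null}'); }
  save(state) { this.storage.setItem(KEY, JSON.stringify(state)); }

  // Record a completed login for the org the user picked before authenticating.
  // The token's org claim must match; otherwise a token issued under OrgB's
  // (possibly weaker) policy could be stored as an OrgA session.
  addSession(orgId, idToken) {
    const claims = decodeClaims(idToken);
    if (claims["custom:org"] !== orgId) {
      throw new Error(`token is for ${claims["custom:org"]}, not ${orgId}`);
    }
    const state = this.load();
    state.sessions[orgId] = { idToken, exp: claims.exp };
    state.active = orgId;
    this.save(state);
  }

  // Switch only to an org with its own live session. No session (or an expired
  // one) means that org's own login flow, with its own MFA/SSO rules, must run.
  switchTo(orgId, now = Math.floor(Date.now() / 1000)) {
    const state = this.load();
    const s = state.sessions[orgId];
    if (!s || s.exp <= now) { delete state.sessions[orgId]; this.save(state); return false; }
    state.active = orgId;
    this.save(state);
    return true;
  }

  listOrgs() { return Object.keys(this.load().sessions); }
  activeOrg() { return this.load().active; }
}

// In-memory stand-in for window.localStorage so the module runs under Node.
class MemoryStorage {
  constructor() { this.m = new Map(); }
  getItem(k) { return this.m.has(k) ? this.m.get(k) : null; }
  setItem(k, v) { this.m.set(k, String(v)); }
}

// Constructed, unsigned token (header.payload.) purely for illustration.
function fakeToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.`;
}
```

In the browser, pass `window.localStorage` instead of `MemoryStorage`; the API behind the app must still verify the token and its org claim on every request.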
