Realms are containers that hold Users, Orgs, and related data. Each realm’s data is completely separate from any other realm.
Many apps will only have 1 or 2 realms. At the same time, certain types of multi-tenant apps may have dozens or even thousands. Let’s explore some different scenarios.
In the most basic setup, an app will have 1 realm. That single realm will contain all users for the entire app. This is by far the most common setup.
One potential variation on this basic setup is 2 realms. The first realm holds all normal users for the app. The second realm holds administrative users who should have access to manage some kind of backend portal.
This works best when the backend/management portal is distinct from the main app (either as a separate app, or just a separate section of the main app). If administrative users also use the main part of the app, perhaps with elevated access, then a better approach is usually to use a single realm and use the
permissions field on Memberships.
Multi-tenant apps vary widely in their authentication needs. Many multi-tenant apps fit the 1 or 2 realm setups already discussed.
However, some apps need to provide separate authentication credentials for each tenant’s own users. In this case, it is usually appropriate to use a separate realm for each tenant. This provides several advantages:
In addition to one realm for each tenant, it may also be appropriate to have 1 or 2 additional realms, for the tenants themselves and/or administrative users, same as the more basic setups described above.
Multiple realms are also useful if you have multiple, separate apps that all use AuthRocket. Instead of needing to setup separate AuthRocket accounts, you can use a single account with multiple realms. Of course, if you prefer to setup separate AuthRocket accounts, you’re welcome to do so.