IAM Team, What do you think of the $subject? Basically if its a Non-SaaS service provider, the login is restricted to users of the same tenant domain. In some cases the users are not even aware of their tenancy. In such cases it may not be practical to ask for the tenant from the user. The tenant is only an implementation level detail. In such a case we actually know the tenant to which the service provider sent the original authentication request. We can consider that as the tenant domain of the user as well.
I know we can do this now also with customization. But it will be better if it is supported out-of-the-box. Thanks & Regards, Johann. -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com [image: Signature.jpg]
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture