Hi, if I want to separate users by type (e.g students versus employers), should I create a new project? Or is there a way to segment them in Ory like having different identity schemas?

Hi Duarte! Both approaches are possible. Generally, we see customers using separate projects for internal and external users, as security requirements/configuration typically differ. For example, employees may have stricter requirements to provide 2FA than end users.

is there much downside to separate projects?

The downside could be, that two projects may complicate how your application authenticates/differentiates users. If employees and end users use different applications, then there should not be much added complexity. Yes, certain subscriptions include multiple projects. For example, the Scale subscription provides 5 production projects (aka tenants)

yep perfect

The implementation of different identity schemas I have seen most commonly are, when an individual audience requires additional properties, such as a foreign ID as part of the metadata. Or when certain audiences should have different traits, for example some users are allowed to sign up with a social login but others aren’t.

got it

If I understand you correctly, you could achieve that by adding a public metadata property (‘student’ | ‘employee’). This value will be available as part of the identity when you resolve the session. So you could use that information also on the clientside. A trait, unlike metadata, can be edited by the user as part of self service. Metadata can not be edited by the user.

awesome

You’re welcome (-: Have a great weekend