Ya not where we can expect better interaction... M...
# general
a
Ya not where we can expect better interaction... Maybe GitHub?
m
Hello @adventurous-battery-51816 are you posting about the same issue as Gauthier above or is it related to something else?
a
My reply was the general lack of replies / activity... So a general issue. Slack might not be the right option if banners like this are loading right away in a chat about a paid product:
My original question was: So multitenancy is how ory deals with multiple FQDNs on one ory instance? I'm trying to do SSO and if each FQDN corresponds to its own ory kratos instance, then how do we have one login (SSO) across 4 domain names? [2:47 PM] Johnathan https://www.ory.sh/docs/kratos/guides/multi-tenancy-multitenant
m
Hello @adventurous-battery-51816 the main function of this Slack is the community chat - we offer a separate support ticketing system for Ory Network users. But you are right that Slack recently really put on the nag-screens to get us on a paid plan - which is not feasible for this size of community. Other other I see would be to use something like Discord or a forum-like software like Discourse - both have their own set of tradeoffs and a migration is pretty involved. But something we would definitely take a look at next year. Are you using Ory Network or looking to self-host Ory? In Ory Network you can use the so-called "Multi-brand" feature.
a
Only looking to self host. Just mentioned the paid user thing because I noticed several others who mentioned that they are... Zulip is a lot more in line with a company that is into FOSS that discord or slack. There are others as well.
Your docs contradict what a lot of github posts say: "It is not possible to self-host Ory Kratos as a multi-tenant service as its data model does not support this due to data, scalability, and operational complexity."
Whereas there are posts around the web about "one kratos instance per domain" in order to have a multitenant ory setup without ory network...
https://www.ory.sh/ory-vs-auth0/ "Allow users to have different profiles per tenant" - not listed as paid... Still confused
Or put differently, how would one achieve this using Ory's offerings - or can they? "...With the hosted login page from ZITADEL developers will get the best support for multi-tenancy single-sign-on with third-party identity providers..." https://zitadel.com/docs/guides/integrate/login/login-users
m
See this for a more technical explanation why we say you cant do it self-hosted: https://github.com/ory/kratos/discussions/2403#discussioncomment-2575956 If we aren't explicit in the docs in our experience we get a lot of questions of people who run into issues attempting to do multi-tenancy themselves. So rather say its not supported than cause frustration. As for the comparison page "Allow users to have different profiles per tenant" - this is a comparison of Ory Network and Auth0 - multi-tenancy is only really a feature of the managed service.
one kratos instance per domain
this works on small scale but if you want "real" multi-tenancy with many tenants its not trivial, see the github comment above. As for the Zitadel orgs, I am not sure how they work exactly, but the equivalent would be https://www.ory.sh/docs/kratos/organizations/ probably - this is not an OSS feature though.