Hi, I receive a question from my peers review of Ory and can someone please help? The question is about does Ory has the concept of Realm of Keycloak? Let's say I want to use Ory Hydra to provide different public/private keys for different groups of users, and also configure different groups of users in Ory Kratos.

No, multi-tenancy is not supported in ory products. The fastest way to get multiple tenants working is probably through ory cloud. Alternatively you can deploy kratos and hydra multiple times to get isolated environments

thx for quick confirmation. so I can refer to the doc https://www.ory.sh/kratos/docs/guides/multi-tenancy-multitenant/

Yeah - keep in mind that multi tenancy means like completely isolated environments so you can have e.g. primary keys which are clashing etc

thx for reminding. so if I want to have different groups, what would be recommended without using multi tenancy?

hard to say, as you see from the multi-tenancy / realm / group discussion already it highly depends on your model. I would suggest to just play around, see whjat’s possible, and learn if it fits your needs. In the end noone can make that decision for you and you will probably even learn a few new things 🙂

@loud-grass-72494 this might be helpful also if you need some roles that are cross-tenant (e.g. an admin from your company who can log into multiple tenants' systems for diagnostics/support purposes) and then you have a claim in the tenants' employees' JWTs that only allows them access to the data for their tenant

I think you can get around most tenancy issues by just handling more hydra/kratos/login node microservices. Our biggest issue with prod right now is i18n (internationalization, we support at least 4 languages) on Kratos emails and Kratos messages have no simple way to customize it for now.