
One database.
A thousand walled gardens.

Sessions, queries, files, decisions, audit — every primitive scoped to the right tenant by default. Retrofit costs go to zero.

Tenants · grid

  • Contoso · tenant_contoso · 84 members · plan Pro
  • Pinpoint Health · tenant_pinpoint · 31 members · plan Pro
  • Vector Labs · tenant_vector · 12 members · plan Free
  • Monolith Bank · tenant_monolith · 1240 members · plan Ent
  • Northwind · tenant_northwind · 67 members · plan Pro
  • Sunrise Coop · tenant_sunrise · 8 members · plan Free
  • Lumen AI · tenant_lumen · 24 members · plan Pro
  • Bramble · tenant_bramble · 3 members · plan Free

The model

A tenant is the smallest unit you can sell. Authaz makes it the smallest unit you build to.

Trying to retrofit multi-tenancy after launch is the most expensive engineering project a B2B startup will ever do. Authaz makes it the cheapest — because it's already there.

— 01

Row-level isolation, by default

Every Authaz primitive is scoped to a tenant. Sessions, decisions, audit events — none of them leak across orgs.

— 02

Per-tenant configuration

Roles, policies, branding, MFA requirements, retention. Defaults at the platform level, overrides at the tenant level.

— 03

Parent / sub-tenants

Holding companies, agencies, resellers. Inherit policies and billing down the tree, override where it matters.

What it covers

Tenancy at every layer that touches a user.

— 01

Isolation built into every layer.

Most apps put tenant_id on a few tables and call it a day. We push it through authn, authz, db, cache, files, and audit — so a missing scope is a build error, not a Sunday outage.

  • session carries org_id, can't be forged
  • ORM enforces scope, fails closed
  • cache keys prefixed · no shared TTL

authn: tenant injected from session · forged claim → reject
authz: every policy evaluated with org_id, never global
db: row-level scope enforced at the ORM layer
cache: keys prefixed by tenant · no shared TTL
files: object paths namespaced · presigned URLs scoped
audit: event stream tagged by tenant · per-org export

— 02

Tenant scope flows through your code.

One scope handle, threaded through every read and write. Devs don't remember to filter by tenant — they couldn't bypass it if they tried.

  • scope handle from session · type-safe
  • middleware-based · zero boilerplate
  • lint rule for unscoped queries

app · POST /v1/projects
    authaz.scope({ org_id: "org_acme" })
    db.projects.create({ tenant_id: "org_acme", ... })
any read · same scope auto-applied
    db.projects.where({ tenant_id: ctx.org_id })

— 03

Tenants can be hierarchies.

Parents and children, with inheritance for policies, branding, and billing. Acme Corp owns Acme US owns Acme East. They share what should be shared and override what shouldn't.

  • unlimited depth
  • inherit · override · pin
  • roll-up billing across the tree

Acme Corp · parent · holding
↳ Acme US · subsidiary · 412 mem
↳ Acme East · team
↳ Acme West · team
↳ Acme EU · subsidiary · 184 mem
↳ Acme Labs · sandbox · 11 mem
policies · billing · branding inherited unless overridden

Code

Every read is scoped. Always.

The scope handle is non-optional. Forget it and the call doesn't compile.

app/api/projects.ts · tenant-safe

    // every request carries the tenant in its session
    const { org } = await authaz.requireSession(req);

    // queries auto-filter by org_id — no manual where clauses
    return db.projects.findMany({ where: { status: "active" } }, org);

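
The pattern described above, as an added sketch that is not Authaz code or its API: a scope handle that can only be minted from a verified session, is a required argument on every read and write, and prefixes every cache key. `TenantScope`, `scopeFromSession`, `ScopedStore` and `cacheKey` are hypothetical names, and the in-memory array stands in for a database.

```typescript
// Added illustration; all names here are hypothetical, not Authaz APIs.
declare const tenantBrand: unique symbol;
// Branded type: a plain { orgId } object literal does not type-check as a scope.
type TenantScope = { readonly orgId: string; readonly [tenantBrand]: true };

interface DemoSession { orgId: string; verified: boolean }
interface ProjectRow { id: string; tenantId: string; name: string }

// The only place a scope is minted. Fails closed on a missing or unverified session.
function scopeFromSession(s: DemoSession | undefined): TenantScope {
  if (!s || !s.verified || !s.orgId) {
    throw new Error("no tenant scope: session missing or unverified");
  }
  return Object.freeze({ orgId: s.orgId }) as unknown as TenantScope;
}

// Cache keys are always derived from the scope, so tenants never share an entry.
function cacheKey(scope: TenantScope, suffix: string): string {
  return `${scope.orgId}:projects:${suffix}`;
}

class ScopedStore {
  private rows: ProjectRow[] = [];
  private cache = new Map<string, ProjectRow[]>();

  // scope is a required parameter: leaving it out is a compile error.
  create(scope: TenantScope, id: string, name: string): ProjectRow {
    // tenantId is taken from the scope, never from caller-supplied data.
    const row: ProjectRow = { id, tenantId: scope.orgId, name };
    this.rows.push(row);
    this.cache.delete(cacheKey(scope, "all")); // invalidate this tenant only
    return row;
  }

  findMany(scope: TenantScope): ProjectRow[] {
    const key = cacheKey(scope, "all");
    let hit = this.cache.get(key);
    if (!hit) {
      hit = this.rows.filter((r) => r.tenantId === scope.orgId);
      this.cache.set(key, hit);
    }
    return [...hit]; // copy, so callers cannot mutate the cached list
  }

  // Match on tenant AND id: another tenant's row id behaves as "not found".
  findById(scope: TenantScope, id: string): ProjectRow | undefined {
    return this.rows.find((r) => r.id === id && r.tenantId === scope.orgId);
  }
}
```

A review check that follows from this shape: `scopeFromSession` should be the only function containing a cast to `TenantScope`, so a search for that cast finds every place a scope can originate.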
Spec

The fine print, up front.

Isolation model: logical row-scope · physical schema-per-tenant on enterprise
Per-tenant config: policies · MFA · branding · session TTL · retention
Hierarchies: parent / child / sibling · unlimited depth · inheritance with overrides
Data residency: per-tenant region pinning · US · EU · APAC
Cross-tenant guards: compile-time scope checks · runtime policy denials · CI lint
Tenant lifecycle: create · suspend · merge · export · delete (GDPR + CCPA)
Pricing model: per active tenant · unlimited members within plan

Pairs with

One platform. Every primitive.

Every Authaz product shares the same primitives — sessions, policies, audit, tenants. Pick what you need today; add the rest when you do.

Get started

Build for many tenants. From the first commit.

Row-level isolation, per-tenant policies, hierarchies — production-ready before your first customer.