The new product I am creating will have person and company access. The problem is how can I simulate a tenant to enable companies access the system. I decided to not use tenant environment according previous question in the community http://www.outsystems.com/forums/discussion/18156/architecture-to-enable-shared-work-where-i-can-start/.
Below is the use case diagram that represents my context. The company subscription allows the employees and customers access the system. When is a person, only him or her access the system.
If I don't isolate each company I will have problems related to the system security.
Some ideas come up to my mind... I can encrypt the company id supplying the login link by email. However, someone can change the encrypted code and use the company´s name displayed on login screen to try some attack
Person login is easy because I have only to use an email and password to enable the access to the system.
Maybe I can use the same idea from person login to enable login inside company area. Could it be a solution to Company login ? However, the customer has an email that is outside the company's standards.
What do you think guys ?
Your best option is really to understand the tenant based on the username, if you can upfront know that they are unique across all tenant. If you are not able to use this rule, it will be necessary to identify the tenant within the login screen using a code (like you said) or using a custom URL combined with some SEO rules (eg. http://company1.acme.com, http://company2.acme.com )
Paulo has the right answer here. Make an eSpace that exposes the TenantId on User entity so you can look up usernames across tenants, and return the user ID and tenant ID and use that on your login page. Or the custom URL route to do the same. I usually do BOTH.
according your comments I decided to use the email on personal product and the custom URL on corporate product. Doing test on corporate environment will be using on premisse ? I tried to do some test on Outsystemscloud and already there is a rule to handle different urls.
It seems SEO URL will be available on enterprise version. In the Administration of OS I saw SEO URLs option and the feature is not available for cloud platform. Is it available on premisse ?
Luciano Schiavo wrote:
SEO URL is available both on premises and in the OutSystems Enterprise cloud (I've used it in both).
However, it is NOT available in the Java version.
Justin James wrote: