Need Help with Multi-Tenant, 2FA, and Role-Based Authentication in NestJS using BetterAuth
Hi everyone,
I’m currently working on an SSO using NestJS as the backend framework, and I’m running into a few challenges related to authentication and authorization with BetterAuth. I hope someone in the community can point me in the right direction or share their experiences.
Here's what I'm trying to achieve:
Multi-Tenant System:
I need to manage users and tenants/organizations (which I’m referring to as enterprises or organizations).
A user can belong to multiple organizations, and each organization has its own set of rules and configurations.
Conditional 2FA Enforcement (Just an Example):
Some organizations might require 2FA for authentication, while others won’t.
I need to enforce 2FA only when a user is logging into an organization that mandates it (i.e., a user logging into Organization A must go through 2FA, but logging into Organization B does not require it).
This is just an example of a scenario where the authentication flow should change based on the organization the user is signing into. The core requirement is handling different authentication flows based on the tenant.
Dynamic Role-Based Authentication:
The user's role and permissions can change depending on the organization they are accessing.
A user could have a different role in one organization than in another.
When a user signs into another organization, their authentication flow should adapt to the roles and permissions that are specific to that organization.
My Questions:
Is it possible to achieve dynamic role management and conditional authentication flows (like the 2FA example) based on the organization a user is logging into using BetterAuth?
How can I implement this with NestJS using BetterAuth’s SDK and features (especially around the multi-tenant model)?
Any advice, code snippets, or resources on integrating BetterAuth into a multi-tenant SSO system where roles and authentication requirements (like 2FA) change depending on the tenant?
Thanks in advance for your help!
3 Replies
can some on please help me with this, I'd be grateful!!!
anyone?
??
@Ping , can you help here?
Is it possible to achieve dynamic role management and conditional authentication flows (like the 2FA example) based on the organization a user is logging into using BetterAuth?- dynamic role isn't supported by better auth org plugin but you can obv. implement this yourself. - conditional 2fa based on org isn't supported as well unless the org requires a differnt email in which case you can attach 2fa to that user as a requirement.