The Curity Identity Server supports multi-tenancy. A tenant can be assigned to each authentication profile, thus allowing to create a logical data silo per organization, subsidiary, customer etc. All data are stored in a single multi-tenant enabled data source which greatly reduces the complexity of database maintenance.

When a tenant ID is configured on an authentication profile then all linked profiles (token and user management profiles) will inherit this tenant. As a consequence, all accounts, credentials, devices, linked accounts and buckets will all be assigned the tenant ID when persisted. Moreover, a profile can only see and use the data for the tenant ID it is assigned to.

When multi-tenancy is configured, a given user is able to get an account with the same subject (user name, email etc) in a different tenant. However, a subject remains unique in a given tenant.

Requirements to Multi-Tenancy

Before enabling multi-tenancy on a profile, the following requirements must be met:

  • All data sources used by the authentication profile must be JDBC data sources
  • All data sources used by the authentication profile have a database schema compatible with multi-tenancy
  • the authentication profile must be empty before enabling multi-tenancy


To check that the database schema is compatible with multi-tenancy, look for the tenant_id column in the accounts table. It is also possible to upgrade an existing database using migration scripts provided in misc/upgrade/9.1-to-9.2 directory. Database schema initialization scripts without multi-tenancy support are provided in Curity Identity Server releases under misc/database-schemas directory.


When enabling multi-tenancy on a non-empty authentication profile, all existing data will not inherit the tenant ID and therefore will not be visible to the profile!

Configuring Multi-Tenancy

To enable multi-tenancy:

  1. Go to Facilities / Data Sources, for every JDBC data source used by the profile, enable Multi-tenant Mode option.
  2. For each empty authentication profile, go to General settings, and configure the Tenant ID.


A profile without configured tenant ID will be assigned the default tenant.