<div dir="ltr">I think the first question to ask is do you want to share users and config between tenants? If you do you should have a single realm, if not you should have separate realms.</div><div class="gmail_extra"><br><div class="gmail_quote">On 21 October 2015 at 14:38, Thomas Raehalme <span dir="ltr"><<a href="mailto:thomas.raehalme@aitiofinland.com" target="_blank">thomas.raehalme@aitiofinland.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="">On Tue, Oct 20, 2015 at 8:20 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thousands should be no problem at all. Tens of thousands should be ok, but we'd have to test that. I guess you're building a public api or something since you're expecting that many clients?</div></blockquote><div><br></div></span><div>I have been thinking of various ways to utilize Keycloak in a SaaS application. A separate realm per tenant is probably the most natural option, but how about using a single realm with individual clients for each tenant, would that make any sense? I think it would have its advantages (eg. the SaaS service provider could use a single account to access any tenant, and tenants could register themselves as clients when being deployed?).<br></div><div><br></div><div>Best regards,<br></div><div>Thomas<br></div></div></div></div>
</blockquote></div><br></div>