Realm

Learn about FerrisKey Realm, a powerful feature for managing multi-tenant applications.

A Realm in FerrisKey represents an isolated environment that enables multi-tenant application management. Think of a Realm as a secure, independent workspace where different organizations, teams, or environments can operate without interfering with each other.

What is a Realm?

A Realm is a logical boundary that provides:

  • Complete isolation between different tenants
  • Independent configuration for authentication, authorization, and security policies
  • Separate user management with distinct user bases
  • Isolated data storage ensuring tenant data privacy
  • Customizable branding and user experience per tenant

Realms enable you to serve multiple customers or organizational units from a single FerrisKey deployment while maintaining strict separation between them.

Key Concepts

Tenant Isolation

Each Realm operates as a completely separate entity:

Security Boundary: Users, roles, and permissions in one Realm cannot access resources in another Realm. This ensures complete tenant isolation and data privacy.

Independent Configuration

Every Realm maintains its own:

  • Authentication providers (OAuth, SAML, LDAP, etc.)
  • User stores and identity sources
  • Password policies and security rules
  • Session management settings
  • API keys and client credentials
  • Custom attributes and user schemas

Multi-Environment Support

Realms are perfect for managing different environments:

  • Production - Live customer-facing applications
  • Staging - Pre-production testing and validation
  • Development - Active development and experimentation
  • Customer Demo - Isolated demo environments for prospects

Use Cases

SaaS Multi-Tenancy

For Software-as-a-Service applications serving multiple customers:

Customer A Realm

Isolated environment for Customer A with their specific authentication requirements, user base, and security policies.

Enterprise Divisions

Large organizations can use Realms to separate different business units:

  • HR Division - Employee management and internal apps
  • Customer Support - External customer portals
  • Partner Network - Third-party integrations and access

Environment Management

Development teams can maintain separate Realms for each stage of their deployment pipeline:

Environment | Purpose                    | Users
------------|----------------------------|-------------------------------
Development | Active coding and testing  | Developers, QA teams
Staging     | Pre-production validation  | Product managers, stakeholders
Production  | Live customer applications | End users, customers

Realm Features

User Management

Each Realm provides independent user management capabilities:

  • User registration and onboarding flows
  • Profile management and custom attributes
  • Group and role assignments specific to the Realm
  • User lifecycle management (activation, deactivation, deletion)

Authentication & Authorization

Realms support flexible authentication configurations:

  • Multiple identity providers per Realm
  • Custom login flows and branding
  • Role-based access control (RBAC)
  • Attribute-based access control (ABAC)
  • Fine-grained permissions management

Security Policies

Independent security configuration per Realm:

  • Password complexity requirements
  • Multi-factor authentication (MFA) policies
  • Session timeout and security settings
  • Audit logging and compliance tracking
  • Rate limiting and abuse protection

Benefits

Operational Efficiency

  • Centralized management of multiple tenants from a single platform
  • Reduced infrastructure overhead compared to separate deployments
  • Consistent security policies across environments
  • Simplified compliance and audit processes

Customer Experience

  • Branded environments tailored to each tenant
  • Custom authentication flows matching customer requirements
  • Isolated performance ensuring one tenant doesn't affect others
  • Flexible integration with existing customer systems

Development Velocity

  • Environment parity between development, staging, and production
  • Easy testing of multi-tenant scenarios
  • Rapid deployment of new customer environments
  • Consistent APIs across all Realms

Best Practices

Naming Conventions

Use clear, consistent naming for your Realms:

Recommended Naming
  • acme-corp-prod - Production environment for Acme Corporation
  • beta-customer-staging - Staging environment for beta customers
  • internal-dev - Development environment for internal teams

Security Configuration

  • Enable MFA for administrative access to Realm management
  • Regularly audit user permissions and access patterns
  • Monitor cross-Realm access attempts and suspicious activity
  • Back up configurations before making significant changes
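
One way to monitor cross-Realm access attempts, shown as an added example that is not FerrisKey code: it scans JSON-lines request logs and flags any request whose token Realm differs from the Realm that owns the resource. The log schema (token_realm, resource_realm, user, status) and the sample events are assumptions constructed for this example; the Realm names follow the naming convention above.

```python
import json
from collections import defaultdict

# Constructed sample events. Field names are assumptions for this example,
# not FerrisKey's audit log schema.
SAMPLE_EVENTS = """\
{"ts": "2024-05-01T10:00:01Z", "user": "alice", "token_realm": "acme-corp-prod", "resource_realm": "acme-corp-prod", "status": 200}
{"ts": "2024-05-01T10:00:05Z", "user": "bob", "token_realm": "internal-dev", "resource_realm": "acme-corp-prod", "status": 403}
{"ts": "2024-05-01T10:00:06Z", "user": "bob", "token_realm": "internal-dev", "resource_realm": "beta-customer-staging", "status": 403}
not-json garbage line
{"ts": "2024-05-01T10:00:09Z", "user": "carol", "token_realm": "internal-dev", "resource_realm": "acme-corp-prod", "status": 200}
{"ts": "2024-05-01T10:00:10Z", "user": "dave", "resource_realm": "acme-corp-prod", "status": 200}
"""

def find_cross_realm(log_text):
    """Return (findings, skipped). A finding is a request whose token Realm
    differs from the resource's Realm; skipped counts unusable lines."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            token_realm, resource_realm = ev["token_realm"], ev["resource_realm"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed or incomplete: count it, never ignore silently
            continue
        if token_realm != resource_realm:
            # A denied attempt is a warning; one that succeeded means the
            # isolation boundary failed and is critical.
            severity = "critical" if ev.get("status", 0) < 400 else "warning"
            findings.append({**ev, "severity": severity})
    return findings, skipped

def probing_users(findings, min_realms=2):
    """Group findings by (token Realm, user) and keep principals that
    touched at least min_realms foreign Realms."""
    seen = defaultdict(set)
    for f in findings:
        seen[(f["token_realm"], f.get("user"))].add(f["resource_realm"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_realms}

if __name__ == "__main__":
    found, skipped = find_cross_realm(SAMPLE_EVENTS)
    for f in found:
        print(f["severity"], f["user"], f["token_realm"], "->", f["resource_realm"])
    print("skipped lines:", skipped, "| probing:", probing_users(found))
```

Skipped lines are worth alerting on as well, since an event with no token Realm cannot be attributed to a tenant.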

Resource Planning

  • Monitor usage across Realms to optimize resource allocation
  • Set appropriate limits on users, sessions, and API calls per Realm
  • Plan capacity for peak usage periods across all tenants
  • Archive inactive Realms to maintain performance

Realms provide the foundation for secure, scalable multi-tenant applications. They enable you to serve diverse customers and use cases while maintaining the operational simplicity of a single FerrisKey deployment.