Core Concepts

Realm

Learn about FerrisKey Realm, a powerful feature for managing multi-tenant applications.

A Realm in FerrisKey represents an isolated environment that enables multi-tenant application management. Think of a Realm as a secure, independent workspace where different organizations, teams, or environments can operate without interfering with each other.

What is a Realm?

A Realm is a logical boundary that provides:

Complete isolation between different tenants
Independent configuration for authentication, authorization, and security policies
Separate user management with distinct user bases
Isolated data storage ensuring tenant data privacy
Customizable branding and user experience per tenant

Realms enable you to serve multiple customers or organizational units from a single FerrisKey deployment while maintaining strict separation between them.

Key Concepts

Tenant Isolation

Each Realm operates as a completely separate entity:

Security Boundary Users, roles, and permissions in one Realm cannot access resources in another Realm. This ensures complete tenant isolation and data privacy.

Independent Configuration

Every Realm maintains its own:

Authentication providers (OAuth, SAML, LDAP, etc.)
User stores and identity sources
Password policies and security rules
Session management settings
API keys and client credentials
Custom attributes and user schemas

Multi-Environment Support

Realms are perfect for managing different environments:

Production - Live customer-facing applications
Staging - Pre-production testing and validation
Development - Active development and experimentation
Customer Demo - Isolated demo environments for prospects

Use Cases

SaaS Multi-Tenancy

For Software-as-a-Service applications serving multiple customers:

Customer A Realm

Isolated environment for Customer A with their specific authentication requirements, user base, and security policies.

Enterprise Divisions

Large organizations can use Realms to separate different business units:

HR Division - Employee management and internal apps
Customer Support - External customer portals
Partner Network - Third-party integrations and access

Environment Management

Development teams can maintain separate Realms for each stage of their deployment pipeline:

Environment	Purpose	Users
Development	Active coding and testing	Developers, QA teams
Staging	Pre-production validation	Product managers, stakeholders
Production	Live customer applications	End users, customers

Realm Features

User Management

Each Realm provides independent user management capabilities:

User registration and onboarding flows
Profile management and custom attributes
Group and role assignments specific to the Realm
User lifecycle management (activation, deactivation, deletion)

Authentication & Authorization

Realms support flexible authentication configurations:

Multiple identity providers per Realm
Custom login flows and branding
Role-based access control (RBAC)
Attribute-based access control (ABAC)
Fine-grained permissions management

Security Policies

Independent security configuration per Realm:

Password complexity requirements
Multi-factor authentication (MFA) policies
Session timeout and security settings
Audit logging and compliance tracking
Rate limiting and abuse protection

Benefits

Operational Efficiency

Centralized management of multiple tenants from a single platform
Reduced infrastructure overhead compared to separate deployments
Consistent security policies across environments
Simplified compliance and audit processes

Customer Experience

Branded environments tailored to each tenant
Custom authentication flows matching customer requirements
Isolated performance ensuring one tenant doesn't affect others
Flexible integration with existing customer systems

Development Velocity

Environment parity between development, staging, and production
Easy testing of multi-tenant scenarios
Rapid deployment of new customer environments
Consistent APIs across all Realms

Best Practices

Naming Conventions

Use clear, consistent naming for your Realms:

Recommended Naming

acme-corp-prod - Production environment for Acme Corporation
beta-customer-staging - Staging environment for beta customers
internal-dev - Development environment for internal teams

Security Configuration

Enable MFA for administrative access to Realm management
Regular audit of user permissions and access patterns
Monitor cross-Realm access attempts and suspicious activity
Backup configurations before making significant changes

Resource Planning

Monitor usage across Realms to optimize resource allocation
Set appropriate limits on users, sessions, and API calls per Realm
Plan capacity for peak usage periods across all tenants
Archive inactive Realms to maintain performance

Realms provide the foundation for secure, scalable multi-tenant applications. They enable you to serve diverse customers and use cases while maintaining the operational simplicity of a single FerrisKey deployment.

Edit this pageorReport an issue

User Management

Basic user management operations in FerrisKey.

Client

Learn how Clients in FerrisKey represent applications that rely on centralized authentication and access control.