Skip to main content

Workspace isolation

Workspace isolation creates logical boundaries within a single SecureAuth platform instance, enabling multiple brands, business units, or regions to operate with completely separate identity flows, user stores, and configurations while sharing underlying infrastructure efficiently.

💡 Why this matters
You deliver distinct brand experiences while reducing infrastructure costs and operational complexity through shared platform resources with complete logical separation.

Key capabilities​

  • Complete logical separation – Isolated identity flows, user directories, and configurations per workspace
  • Brand-specific experiences – Independent authentication journeys, policies, and user interfaces
  • Flexible directory models – Connect different identity sources per workspace (Active Directory, cloud IdPs, databases)
  • Policy isolation – Workspace-specific MFA, risk rules, and access controls
  • Resource efficiency – Shared infrastructure with isolated tenant boundaries

Outcomes​

Organizations that implement workspace isolation typically achieve:

  • Reduced infrastructure costs by consolidating multiple brand systems onto single platform
  • Faster brand onboarding through rapid workspace provisioning
  • Maintained brand integrity with complete separation between experiences

Design principles​

  • Design clear workspace boundaries that prevent cross-brand data access
  • Implement resource sharing at infrastructure level while maintaining logical isolation
  • Plan for scalable growth as new brands or regions are added
  • Ensure compliance alignment with workspace-specific regulatory requirements

Where to configure​

Use these guides to implement workspace isolation:

Compliance note​

Workspace isolation supports compliance by providing clear data boundaries, separate audit trails, and the ability to apply different regulatory requirements per workspace as needed.

FAQ​

How are workspaces different from separate platform instances?

Workspaces provide complete logical separation while sharing infrastructure resources, reducing costs and operational overhead compared to maintaining separate platform instances.

Can workspaces share user data or configurations?

No. Workspaces are completely isolated with separate user directories, policies, and configurations to maintain brand separation and security boundaries.

How many workspaces can be supported?

SecureAuth supports multiple workspaces per platform instance, with the specific number depending on usage patterns and resource requirements.

Can workspaces use different identity providers?

Yes. Each workspace can connect to different identity providers (Active Directory, cloud IdPs, external databases) based on brand or regional requirements.

What happens if one workspace has issues?

Workspace isolation ensures problems in one workspace don't affect others, maintaining availability and security across all brand experiences.