[mffap]

One of the challenges we see is providing self-service for team management. That includes letting an admin assign roles to their users, manage user lifecycle (eg through sso), and setting up security policies. For sure you can build the basics, but it becomes complex later on if you manage a lot of tenants or or more enterprise customers. For Auth only there are many solutions out there that work great. There's only a few solutions with multi-tenancy at the core, though, like https://github.com/zitadel/zitadel

[barnabas-szoke]

Thanks for your answer. Zitadel looks promising.

1. Could you elaborate on the RBAC challenges? What is the main complexity?

2. What is the main selling point of Zitadel in terms of multi-tenancy compared to the competitors?

3. From your perspective, are you aware of any customer segments or niches that are underserved in the IAM market in general that might be worth pursuing?

[mffap]

For RBAC, I see two main challenges. You need to make sure that you get all the roles for all client applications for a user to make a decision. That becomes a bit more complex if you go into scenarios where each tenant can also manage their own clients and roles. Secondly, complexity comes from the self-service to assign roles, ie. delegating access management to the tenants. You need to allow certain users to assign the roles to users in their organization, or in general manage their users. That authorization model has to be applied to the whole system, including APIs obviously.

Most solution solve the authentication part, so login with a local user or federated users via identity brokering (eg, OIDC/SAML via EntraID). The main selling point of ZITADEL is that it also solves the authorization, as mentioned above, across multiple tenants as well as the self-service aspect of delegating configuration of security policies and user management to "Managers" in the tenants. You get that out of the box, no development needed. You can read more here: https://zitadel.com/blog/multi-tenancy-with-organizations Also, you can self-host ZITADEL which is not available for all solutions, but is quite a selling point when talking to enterprise customers.

I think the b2b niche was already mentioned in this thread. But I don't think it is underserved, as many vendors jump onto that. Healthcare and Manufacturing are two sectors that are hard to crack with IAM for their special requirements. The tools I've seen are working but very expensive and customized. Yet also the two sectors are very traditional (read: on-prem AD) and need a lot of work if they want to move to more federated IAM systems.