by mffap 843 days ago
Have a look at ZITADEL (https://github.com/zitadel/zitadel or https://zitadel.com/), I think that does what you want. You can create multiple tenants (called Organizations) and you can set up security / login rules per organization, such as enforcing MFA. Furthermore, you can configure a separate SSO on each tenant, and users are directly forwarded to their identity provider. When you first enter your username (could be an email) on the login screen, the policies of the user's organization will be applied. That allows you to route users based on their email domain etc. One additional thing to mention is that ZITADEL does not only handle authentication, but also authorization with self-service. Managers of an organization can, for example, assign roles to users of their organization.
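The login flow described in the comment above (resolve the tenant from the login name, apply that tenant's policy, forward to its SSO provider, and let org managers grant roles only within their own org) sketched as an added Python illustration. This is not ZITADEL's code: the organization table, the domains, the IdP URL and the role names are all constructed for the example.

```python
"""Domain-based tenant discovery and per-tenant login policy (illustrative only)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class OrgPolicy:
    org: str
    require_mfa: bool
    idp: Optional[str]            # external SSO endpoint to forward to, or None for local login
    roles: FrozenSet[str]         # roles a manager of this org is allowed to hand out


# Constructed sample tenants (hypothetical domains and IdP URL).
ORG_BY_DOMAIN: Dict[str, OrgPolicy] = {
    "acme.example": OrgPolicy(
        org="acme",
        require_mfa=True,
        idp="https://idp.acme.example/saml",
        roles=frozenset({"admin", "viewer"}),
    ),
    "globex.example": OrgPolicy(
        org="globex",
        require_mfa=False,
        idp=None,
        roles=frozenset({"viewer"}),
    ),
}
POLICY_BY_ORG: Dict[str, OrgPolicy] = {p.org: p for p in ORG_BY_DOMAIN.values()}

# Unknown domains land in a default org with the strictest settings, so that typing
# arbitrary login names does not reveal which customer domains are registered.
DEFAULT_ORG = OrgPolicy(org="default", require_mfa=True, idp=None, roles=frozenset())


def org_for_login_name(login_name: str) -> OrgPolicy:
    """Resolve the tenant from the domain part of the login name (case-insensitive)."""
    name = login_name.strip().lower()
    if "@" not in name:
        return DEFAULT_ORG
    local, _, domain = name.rpartition("@")
    if not local or not domain:
        return DEFAULT_ORG
    return ORG_BY_DOMAIN.get(domain, DEFAULT_ORG)


def next_login_step(login_name: str) -> dict:
    """Decide what the login screen does after the username step."""
    policy = org_for_login_name(login_name)
    action = "redirect_idp" if policy.idp else "password"
    return {
        "org": policy.org,
        "action": action,
        "idp": policy.idp,
        "mfa_required": policy.require_mfa,
    }


def can_assign_role(manager_org: str, is_org_manager: bool, target_org: str, role: str) -> bool:
    """Self-service authorization check: an org manager may grant only roles defined
    for their own org, and only to users who belong to that same org."""
    policy = POLICY_BY_ORG.get(manager_org)
    if policy is None or not is_org_manager:
        return False
    return target_org == manager_org and role in policy.roles


if __name__ == "__main__":
    for name in ("Alice@ACME.example", "bob@globex.example", "nobody@unknown.example"):
        print(name, "->", next_login_step(name))
    print("acme manager grants viewer to globex user:", can_assign_role("acme", True, "globex", "viewer"))
```

The two security-relevant details are the case normalization before the domain lookup (so `ACME.example` and `acme.example` resolve to the same tenant) and the default-org fallback, which keeps unregistered domains from being distinguishable at the username step.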

That sounds like just what I want.

ZITADEL was already on my list to try in the next round.

Can you clarify the pricing / plan required for that feature set?

All of these features are included. Main drivers for pricing in this case, I assume, will be daily active users (sum over the month) and how many third-party identity providers you have configured. Unlimited tenants, users, permissions etc. are included. We use DAU instead of MAU, since there are many different use cases and that seems to work quite well. Just take the MAU and multiply by how many times per month your users will sign in. In the enterprise tier we offer more custom quotes for higher volumes, guarantee requirements, and support SLAs.
And to clarify on the third party providers. Assuming every org is using Azure - that’s 1 provider per org. So 53 orgs would be an extra $1,000 / month?
Yes, that's correct. Get a quote for your use case if you are already running at higher numbers. Pricing might not fit all cases, that's why there's also an Enterprise tier.
Hmm, maybe take a look at their website? https://zitadel.com/pricing