This article helps you understand the concept of multi-tenant authorizers. It helps to understand their usecases. It describes how multi-tenant authorizers work.
Multi-tenant authorizers in a nutshell
Multi-tenant authorizer is an authorizer in the system tenant that can be used to protect multi-tenant APIs. You can create multiple authorizers that use different types of API gateways.
Multi-tenant authorizers in depth
The solution for multiple-tenant authorizers consists of the following steps:
An authorizer is created in the system tenant.
The authorizer is deployed.
The services and APIs are synchronized only to the system tenant.
After the services and APIs are synchronized to the system tenant, the administrators of the client application tenant can create authorization policies and bind them to the system APIs. System services and APIs are read-only, so it is not possible for those administrators to change the services and APIs.
When an authorizer performs API enforcement, it fetches the configuration from ACP, like available services, APIs, and their policies, for the specific tenant. It other words, there are two types of policies available. Those configured on the system tenant level, and those configured for a particular tenant.