Tenant-Select Component

This article will show how we can use the functionality of the tenant select component and explore its application within a flow. Using the tenant select component, we aim to provide an understanding of how to use the tenant details once selected.

The Component

Create a new screen inside a flow, and search for "Select Tenant":

Implementing Tenant Selection In A Descope Flows

Flow Overview

This following flow lets an administrator select a tenant that he is associated to, and triages on the tenant's name. If the name is 'test' the flow exits. Otherwise, the tenant SSO Configuration is printed to the screen:

A Closer Look At The Condition

Here is a closer look on the condition, that uses the tenant's name:

You can use the tenant's domain or domains and any custom attributes you define. For creating custom attributes, you can read further in this article.

Using The Selected Tenant Context Key

After selecting a tenant inside the screen, you can also query it from the context with form.userSelectedTenant:

JWT After Tenant Selection

After the tenant has been selected, the JWT will have the dct (descope current tenant) claim marking which tenant is the actively selected tenant. If there's just one tenant associated with the user, Descopes does not have to select the tenant since the dct is automatically set to that one tenant.

{
  "amr": [
    "oauth"
  ],
  "dct": "T2JEfswIPhl9I5YipLhSLNa6VfVV",
  "drn": "DS",
  "exp": 1708620768,
  "iat": 1708620588,
  "iss": "xxxxx",
  "rexp": "2024-03-21T16:49:48Z",
  "sub": "xxxxx",
  "tenants": {
    "xxx": {},
    "T2JEfswIPhl9I5YipLhSLNa6VfVV": {},
    "xxx": {},
  }
}

Updating Tenant Information

You can also use flows in administrative ways to update tenant information and have your tenant admin use them.

Update Email Domain

The email domain field helps you automatically associate users by their email domain to that tenant. Here is how you can embed a way to change the email domain inside a flow: