Sharing Identity users between sites

Hi there! Can I share Identity users between sites?

I need to set up 3 websites, let’s call them Apple, Beet and Carrot. I would need to give role-based access to about 50 users for Apple, 40 of them to Beet, and 30 of those to Carrot.

I’m going to use Functions to do role-based access control, so I’m hoping to set up a separate site, let’s call it Lime, as a login page. That page would have Identity with all 50 users, but 40 would have role beets-access, and 30 would also have carrot-access role.

Now the question I have is whether I can use Functions on Apple, Beet and Carrot sites to authenticate users from Lime’s Identity. If so, are there any examples or hints on how to achieve this in Functions?

Any help or tips will be greatly appreciated!


Well, you can check the current user's role group, which is stored in the user's local storage.

I’m afraid basing anything on local storage is out of the question… That is way less secure than what I need.

It looks like I’ll be using role-based redirection, so if a visitor isn’t authorized on Carrot, they will be redirected. My initial impression was to redirect them to Lime, but that would only allow them to log into Lime and still keep them not logged in on Carrot.

I’m not seeing any way to make role-based redirects work with another site’s Identity roles, so I would probably need to redirect them to a Function, that would have to connect to Lime’s Identity, and if this visitor is authorized there with role carrot-access, then I’d have to create a user in Carrot’s Identity and log them in, so that they can bypass role-based redirect on Carrot.

Or am I overthinking it?

Or maybe a better idea would be to try to use an event Function on Lime, so that when a user is logged in, they also get logged in to Apple, Beet and/or Carrot (and have users created if need be).

If anybody knows a solution, I’d appreciate it. Otherwise, I’m gonna need to do some experiments…

Working on getting to this, will loop back here once I have an update! Thanks for your patience! :pray:

Hey, @divya. I’m wondering if there’s any update on this?

While I’m not sure what Divya has in mind, this demo from another colleague may be useful in illustrating “using identity on one site to gate another site (or sites)”:

It illustrates using an external auth provider, but leverages our identity feature in the way you’re describing.
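
The server-side check this thread is asking about, as an added example that is not part of any post above and not the platform's own code: a Function on Carrot decides access from a signed token issued by Lime instead of from role data held in the browser. It assumes the token is an HS256 JWT, that roles sit in an `app_metadata.roles` claim, and that the signing secret is available to the Function; `verifyToken`, `authorize`, `sign` and `demo` are hypothetical names.

```javascript
const crypto = require("crypto");

// Verify an HS256 JWT and return its claims; throws on any failure.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  // Pin the algorithm on the server; never let the token pick it ("none").
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// HTTP status the gated site should answer with for this token.
function authorize(token, secret, requiredRole, nowSec) {
  let claims;
  try {
    claims = verifyToken(token, secret, nowSec);
  } catch (err) {
    return 401; // not authenticated: missing, forged or expired token
  }
  const roles = claims.app_metadata && claims.app_metadata.roles; // assumed claim layout
  return Array.isArray(roles) && roles.includes(requiredRole) ? 200 : 403;
}

// Test helper: mint a constructed token the way the issuing site would.
function sign(claims, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const body = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${body}.${crypto.createHmac("sha256", secret).update(body).digest("base64url")}`;
}

// Constructed sample: a beets-only user edits the roles in a copied token.
function demo() {
  const secret = "constructed-demo-secret";
  const beet = sign({ exp: 2000, app_metadata: { roles: ["beets-access"] } }, secret);
  const [h, , s] = beet.split(".");
  const edited = Buffer.from(JSON.stringify(
    { exp: 2000, app_metadata: { roles: ["carrot-access"] } })).toString("base64url");
  return [authorize(beet, secret, "carrot-access", 1000),
    authorize(`${h}.${edited}.${s}`, secret, "carrot-access", 1000)]; // [403, 401]
}
```

The edited token fails because its signature no longer matches the payload, which is the property a role value read from local storage does not have.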