Multi-tenant architecture patterns including org_id claim management, JWT token structure with organization context, database isolation strategies for MongoDB and PostgreSQL, theme switching per organization, tenant provisioning workflows, data isolation patterns, and cross-tenant security. Activate for multi-tenancy implementation, tenant isolation, and organization-scoped data access.
View on GitHubJanuary 24, 2026
Select agents to install to:
npx add-skill https://github.com/Lobbi-Docs/claude/blob/main/plugins/lobbi-platform-manager/skills/multi-tenant/SKILL.md -a claude-code --skill multi-tenantInstallation paths:
.claude/skills/multi-tenant/# Multi-Tenant Architecture Skill
Comprehensive multi-tenant architecture patterns for the keycloak-alpha platform with organization-based isolation.
## When to Use This Skill
Activate this skill when:
- Implementing multi-tenant architecture with org_id claims
- Setting up database isolation strategies
- Configuring per-organization themes
- Building tenant provisioning workflows
- Ensuring data isolation and security
- Implementing cross-tenant access controls
- Managing organization-scoped resources
## Multi-Tenant Architecture Overview
The keycloak-alpha platform uses **shared database, isolated schema** approach with org_id-based isolation:
```
┌─────────────────────────────────────────────┐
│ Keycloak (Identity Provider) │
│ - Manages users across all organizations │
│ - Issues JWT tokens with org_id claim │
│ - Handles authentication & SSO │
└─────────────────────────────────────────────┘
↓ JWT with org_id
┌─────────────────────────────────────────────┐
│ API Gateway │
│ - Validates tokens │
│ - Extracts org_id claim │
│ - Routes to microservices │
└─────────────────────────────────────────────┘
↓ org_id in headers
┌─────────────────────────────────────────────┐
│ Microservices (8 services) │
│ - Enforce org_id filtering │
│ - Isolate data by organization │
│ - Apply org-specific business logic │
└─────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────┐
│ MongoDB / PostgreSQL │
│ - Shared database │
│ - org_id indexed on all collections/tables │
│ - Row-level security (PostgreSQL) │
└─────────────────────────────────────────────┘
```
## JWT Token Structure with Organization Context
### Token Claims
```json
{