I have an open source SaaS workflow application, so it's best that I don't modify the code. For this application, we sell it as a SaaS, in which each company gets a unique URL and the users just login with their credentials. There are 3 groups of users
- Administrators
- Inside users
- Outside users
Now I don't want to touch the open souce workflow app as far as I can, but if I am forced to do it then I will do it. My task now is to create an external application that handles the registration and authentication of outside users.
The outside users group is different from other two groups. Both the Administrator and inside users groups are "localized" in each company, meaning that "AdminA" in companyA.mysoft.com and "AdminA" companyB.mysoft.com can be of different users.
But for the outside users group, they should be shared across all companies. This means that "outusers" in companyA.mysoft.com and companyB.mysoft.com must be the same person. This is because the Outside users group member can join multiple companies, and hence their username must be kept the same.
This is why I need to create an external application just to handle the registration and authentication of outside users. How to best design this application?
My thought is that I will create an external database that holds the Outside users group information. When a new Outside users member is created, I will attach him to company A in my external database, and create an entry for that user in the companyA db in SaaS workflow application, with exactly the same username and password. If later he wants to join a new company, my script will add him to companyB db in SaaS workflow application.
There will be data redundancies in this case, but is it a big problem? What about the chances of data corruption?
Or should I just modify the application to support this situation, but that will be hell lots of work because:
- When a user profile is viewed, instead of just query the company db, the logic must be modified so that the app checks first what is the group of the user, and pull the data from the external application if he's an outside user.
- To keep my copy of workflow synch with the open source one is a headache.
- Authentication code at model layer must be changed. When an outside user login via my external application, I will verify the user and pass the logon credential to the main workflow application. This means that the workflow application must now handle external credential.
What's your thoughts here?