Coder deployment scale is frequently blocked by our lack of user management features. For example, it's impossible to have multiple groups of templates with distinct, isolated admins (#7633). It's also impossible to have two sets of users with no knowledge of each other and no ability to interact, a must-have for security and compliance.

A common workaround is standing up multiple Coder deployments. Not only does this bring more administrative burden to the operators, it makes it more difficult for us to license our software, threatening our revenue and thus our sustainability as a business.

This issue is meant to be a long-running conversation on multi-tenancy, a potential solution to our user management problems as well as the path towards delivering Coder as SaaS.

Challenges

This is an incomplete list of the major engineering work required to support multi-tenancy:

• Our current code-first approach to deployment configuration is challenging to adapt to a multi-tenant environment. We have several control plane options, such as --disable-password-auth, which should be org-scoped.
• OIDC providers are globally registered, whereas in a multi-tenant system, they would need to be registered per organization. We may still need a concept of global providers; for instance, in a SaaS setting, we might have global SSO providers for GitHub and Google.
• We need to build out the UI/CLI/API that exposes Organizations to users.
• A decision must be reached on whether user accounts can belong to multiple organizations (site-namespaced) or should be limited to one (org-namespaced).

Next Steps

• Collect feedback on the demand for multi-tenancy / SaaS
• Complete documenting the necessary engineering work