This is a great question, and is a reference architecture we should definitely document. Here’s a high-level overview of our recommended best practice for deploying a multi-tenant app from within a single Application Experience.
-
We recommended a single application to own all devices for all clients. This application also hosts your end-user experience.
-
Each Experience User is added to a Experience Group for the client they belong to.
-
That same group name is added as a Device Tag to each device owned by that client. For example, the tag key could be “client” and the value is the group’s name.
-
Whenever a Experience Page is requested, the workflow backing it automatically gets the user information, which includes the Groups they belong to. You can then query all devices with the “client” tag equal to the group that the user belongs to.
-
You can now display a list of all devices the user has access to and also verify the user has access to see data from a device by comparing the user’s group name to a specific device’s “client” tag.