Skip to content

How do I switch between tenants?

Requires Pro

Notory deliberately has no classic “tenant switcher”: a user account is fixed to exactly one tenant, and the tenant is permanently embedded in the sign-in token. Super admins work across tenants (they see all tenants in administration); everyone else uses a separate account with its own email address for each tenant.

  1. As a super admin: sign in with the super admin account. In Administration (tenant management, user management, audit log), you see the data of all tenants and can, for example, create a user in a specific tenant on purpose.

  2. As a regular administrator of several tenants: have a separate account created for you in each tenant (email addresses must be unique system-wide — for example via plus-addressing, it+acme@company.com, it+beta@company.com). To “switch”, sign out and sign back in with the other tenant’s account — or use separate browser profiles in parallel.

  3. Use owner access: creating a tenant always creates an owner account — that’s your entry point into that particular tenant.

  • No switch mechanism = smaller attack surface. Because the tenant is fixed in the token (a JWT claim, or stored on the API token) and there’s neither a header nor an endpoint for switching, a compromised session can never “climb over” into a different tenant. This is a deliberate security decision — see Tenant isolation.
  • Super admin view: for super admins, Notory sets the RLS bypass; management lists (users, tenants, audit log) then show all tenants. The super admin account’s “home” nonetheless remains its own tenant — creating objects without an explicit target always lands there.
  • API tokens are tenant-fixed: every token carries its creator’s tenant_id; requests made with that token always run within that tenant.