System Design FAQ: Top Questions
64. How would you design a Multi-Tenant SaaS Platform?
A Multi-Tenant SaaS Platform allows multiple organizations (tenants) to use a single software deployment while keeping their data logically isolated and secure.
Functional Requirements
- Tenant-based data isolation
- Per-tenant configuration (themes, limits)
- Tenant-aware authentication & authorization
- Billing, onboarding, audit logs per tenant
Non-Functional Requirements
- Horizontal scalability
- Security and access control enforcement
- Custom domains and rate limits
Multi-Tenancy Models
- Shared DB, Shared Schema: Fastest, single schema with tenant_id field
- Shared DB, Separate Schema: Better isolation, harder upgrades
- Separate DB per tenant: Strongest isolation, complex scaling
PostgreSQL Row-Level Isolation
-- RLS only takes effect once it is enabled on the table; FORCE makes it
-- apply to the table owner as well (superusers still bypass it)
ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
ALTER TABLE customers FORCE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation_policy
ON customers
FOR ALL
USING (tenant_id = current_setting('app.current_tenant')::uuid)
WITH CHECK (tenant_id = current_setting('app.current_tenant')::uuid);
-- the setting must hold a valid UUID because of the ::uuid cast (placeholder value)
SET app.current_tenant = '00000000-0000-0000-0000-000000000123';
SELECT * FROM customers; -- returns only that tenant's rows
Tenant-Aware Auth
- JWT contains a tenant_id claim
- Every API validates tenant context
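As an added example (not part of the original FAQ), a Python sketch of the two bullets above: the tenant context is derived from the JWT's tenant_id claim and checked against the tenant the request is addressed to, and every data access takes that context, so application code enforces the same boundary the RLS policy enforces in the database. The SQLite table, sample rows and helper names are constructed for the demo; signature verification of the JWT is assumed to happen upstream.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample rows: two tenants share one table (shared DB, shared schema).
SAMPLE_ROWS = [
    ("tenant-a", "alice@a.example", "Alice"),
    ("tenant-a", "adam@a.example", "Adam"),
    ("tenant-b", "bob@b.example", "Bob"),
]

class TenantMismatch(Exception):
    """The token's tenant_id differs from the tenant the request is addressed to."""

@dataclass(frozen=True)
class TenantContext:
    tenant_id: str

def resolve_tenant(claims: dict, requested_tenant: str) -> TenantContext:
    """Build the tenant context from already-verified JWT claims.

    Assumes the JWT signature was verified upstream; this step only binds the
    tenant_id claim to the tenant the request targets (custom domain or URL
    path), so a valid tenant-A token cannot be used against tenant-B endpoints.
    """
    claim = claims.get("tenant_id")
    if not claim or claim != requested_tenant:
        raise TenantMismatch(f"token tenant {claim!r} != requested {requested_tenant!r}")
    return TenantContext(tenant_id=claim)

class CustomerRepo:
    """Every query takes a TenantContext; there is no unscoped read or write path."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn

    def list_customers(self, ctx: TenantContext) -> list:
        sql = "SELECT email, name FROM customers WHERE tenant_id = ? ORDER BY email"
        return self.conn.execute(sql, (ctx.tenant_id,)).fetchall()

    def add_customer(self, ctx: TenantContext, email: str, name: str) -> None:
        # tenant_id always comes from the verified context, never from the request body
        sql = "INSERT INTO customers (tenant_id, email, name) VALUES (?, ?, ?)"
        self.conn.execute(sql, (ctx.tenant_id, email, name))

def build_demo_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the shared customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (tenant_id TEXT, email TEXT, name TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn
```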
Directory Structure for Logical Isolation
src/
  tenants/
    tenantA/
    tenantB/
  shared/
  configs/
Billing Hooks
- Per-tenant usage metering
- Stripe webhook: invoice.paid, subscription.updated
Observability Per Tenant
- Per-tenant metrics: API usage, error rates, latency
- Per-tenant audit and access logs
Tools & Tech Stack
- Database: PostgreSQL, DynamoDB with partition key
- Auth: Auth0, Firebase, Cognito with custom claims
- Monitoring: Datadog, Prometheus + tenant tags
- Billing: Stripe with metadata: tenant_id
Final Insight
Multi-tenancy allows economies of scale while introducing challenges in isolation and configuration. Choose the right data model based on tenant volume and security needs. Enforce isolation at all layers: auth, queries, logs, and storage.