### Core Concept

Identity is well understood. There is a broad range of tools and services that can support your ability to authenticate users in a variety of models. However, in SaaS environments identity takes on additional scope and responsibility. In a multi-tenant SaaS environment, your identity solution must introduce the notion of a tenant and bind that tenant to a user. This creates what is referred to as a “SaaS Identity”, where both the identity of the user and the identity of its corresponding tenant are unified. When you look at tokens returned from a SaaS authentication process, they will now include the context of the tenant.

How this identity is acquired and resolved can vary based on the needs of a SaaS environment. You may host your own identity solution, you may rely on external providers, or you may use some mix of these models. In all cases, though, you still need to arrive at a solution that stitches together a SaaS identity.

### Why It Matters

Identity represents the entry point of your multi-tenant experience. It is the point at which we acquire tenant context and share that with all the downstream moving parts of our SaaS architecture. How you represent identity will be essential to your ability to streamline how and where identity is applied across the rest of your architecture. It connects you to isolation, routing, data partitioning, and a host of other architectural considerations.

Identity also plays a pivotal role in the onboarding and tiering experience of your SaaS customers. It influences how you will introduce new tenants. You may also choose different models for representing tenant identity based on the tiering model of your application.

### When Should I be Thinking About This?

Identity is among the areas that should be at the front of your design and architecture process. It is at the core of bringing multi-tenancy to your environment and serves as a forcing function across the rest of your architecture.

You may not have all the requirements of identity resolved up front. However, it’s still essential that you pick some strategy for connecting users to tenants so you can inject tenant context into the rest of your solution.

### What Are The Typical Deployment Patterns?

While there are multiple ways to implement identity, there are some common themes. The patterns are typically driven more by the needs of your market segments, your customer onboarding experience, and the realities of your domain.

The two main categories here would be internally and externally hosted identity. With internally hosted identity, a SaaS provider would own all the moving parts of the identity. With the externally hosted identity model, the identity provider would require some federation model that would allow them to authenticate from external sources while still mapping users to your SaaS environment’s notion of tenants. SSO can also be part of these patterns. Of course, there are also hybrid models that support some mix of these options.
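
The following is an added example, not part of the original page: a sketch of a “SaaS Identity” token for the externally hosted pattern, where a user authenticated by an external issuer is mapped to a tenant and downstream services accept only tokens that carry a verified user and tenant binding. The issuer-to-tenant table, the `tenant_id` claim name, the signing key and all function names are assumptions made for this illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # constructed; load from a secret store in practice
# Constructed federation table (assumption): external issuer -> tenant.
ISSUER_TO_TENANT = {
    "https://idp.tenant-a.example": "tenant-a",
    "https://idp.tenant-b.example": "tenant-b",
}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    mac = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256)
    return b64e(mac.digest())

def mint_saas_token(issuer: str, user_id: str, ttl: int = 300) -> str:
    """Bind an already-authenticated user to its tenant in a signed HS256 JWT."""
    tenant = ISSUER_TO_TENANT.get(issuer)
    if tenant is None:
        raise PermissionError("issuer is not mapped to any tenant")
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "tenant_id": tenant, "exp": int(time.time()) + ttl}
    body = b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def tenant_context(token: str) -> dict:
    """Verify the token, then return the user and tenant for downstream use."""
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    header, body, sig = parts
    if not hmac.compare_digest(sig.encode(), sign(f"{header}.{body}").encode()):
        raise PermissionError("bad signature")
    if json.loads(b64d(header)).get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    claims = json.loads(b64d(body))
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    if not claims.get("sub") or not claims.get("tenant_id"):
        raise PermissionError("token lacks user or tenant binding")
    return {"user": claims["sub"], "tenant": claims["tenant_id"]}
```

Because the tenant is resolved once at the identity layer and carried in the signed token, isolation, routing and data partitioning code can read it from `tenant_context` instead of trusting a tenant value supplied by the client.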