US Patent 9992186 SAML representation for multi-tenancy environments

In response to a request received from a client device, the user is authenticated based on user credentials extracted from the request. Upon having successfully authenticated the user, tenants and one or more roles of each of the tenants associated with the user are identified. In one embodiment, an authorization token having information identifying the plurality of tenants and their respective one or more roles of the user is generated. The information of each of the tenants and its respective roles are encrypted with a specific key corresponding to the tenant. The authorization token containing the encrypted tenants and the roles of the user is transmitted to the client device to allow the client device to determine whether the user is allowed to access a requested resource based on the authorization token.