Realms (B2B / B2C)
Realms partition identities, policies, and branding into isolated tenants — so a workforce realm, a B2B partner realm, and a B2C customer realm coexist in one nexusID deployment without bleeding into each other.
Admin console: /admin/realms
Concepts
- Realm — an isolation boundary for users, authentication policy, branding, and (optionally) its own identity sources.
- B2B realm — partner/organization-scoped access, often federated to the partner's IdP.
- B2C realm — customer identity, typically with self-service sign-up and social login.
- Pseudo-access — a controlled way to operate across realm boundaries when explicitly granted.
How it works
Each realm carries its own policy and branding. Home-realm discovery routes a user to the correct realm/IdP, and tokens are issued in the realm's context. Governance (reviews, SoD, approvals) applies per realm, so each tenant is certified independently.
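The realm boundary above from an application's side, as an added example (not nexusID code): home-realm discovery by exact e-mail domain, then a check that a token's issuer matches its realm and that cross-realm use requires an explicit pseudo-access grant. Realm names, issuer URLs, the `realm` claim and the grant table are assumptions made for illustration, and token signatures are assumed to be verified before these checks run.

```python
# Added illustration; not nexusID code. Names and claim keys are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Realm:
    name: str
    issuer: str                        # issuer URL tokens from this realm carry
    domains: frozenset = frozenset()   # e-mail domains routed here by discovery

BASE = "https://id.example.test/realms/"   # constructed sample deployment
REALMS = {r.name: r for r in (
    Realm("workforce", BASE + "workforce", frozenset({"corp.example.test"})),
    Realm("partners", BASE + "partners", frozenset({"partner.example.test"})),
    Realm("customers", BASE + "customers"),   # B2C: self-service sign-up
)}
DEFAULT_REALM = "customers"   # assumption: unmatched domains land in B2C

# Explicit pseudo-access grants: (subject, home realm, target realm).
PSEUDO_ACCESS = {("alice", "workforce", "partners")}

def discover_realm(login_hint: str) -> Realm:
    """Home-realm discovery: match the full e-mail domain, never a substring."""
    _, sep, domain = login_hint.strip().lower().rpartition("@")
    if not sep or not domain:
        raise ValueError("login hint must be an e-mail address")
    for realm in REALMS.values():
        if domain in realm.domains:
            return realm
    return REALMS[DEFAULT_REALM]

def accept_token(claims: dict, app_realm: str) -> bool:
    """Decide whether signature-verified claims may reach an app in app_realm."""
    home = REALMS.get(claims.get("realm"))
    if home is None or claims.get("iss") != home.issuer:
        return False   # unknown realm, or issuer does not belong to that realm
    if home.name == app_realm:
        return True    # token used inside the realm that issued it
    # Crossing a realm boundary is denied unless a grant names this subject.
    return (claims.get("sub"), home.name, app_realm) in PSEUDO_ACCESS

if __name__ == "__main__":
    print(discover_realm("bob@partner.example.test").name)
    tok = {"sub": "bob", "realm": "partners", "iss": BASE + "partners"}
    print(accept_token(tok, "partners"), accept_token(tok, "workforce"))
```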
Typical setup
- /admin/realms → New realm → choose B2B or B2C and configure policy + branding.
- Attach identity sources / federation for the realm.
- Assign applications and users to the realm.