Tenant-only verification is a security feature for that keeps user verification separate for each workspace when provisioning users through SCIM and Ziflow API. 

When a user is verified in one workspace, that verification only applies to that workspace. The user is not automatically verified in other workspaces associated with the same email address. It helps prevent unintended access between workspaces while continuing to support existing authentication methods such as SSO, MFA, Auth0, and social login providers.

With Tenant-only verification:

• Cross-workspace access is not automatically inherited.
• API-created memberships begin in a restricted state.
• Proof visibility is filtered until the user verifies themselves.
• Full workspace access is granted only after the user clicks a workspace-specific confirmation email or signs up directly through a trusted identity provider.
• Each workspace operates independently.

Authentication

Tenant-only verification does not replace or modify authentication methods. The feature only limits the scope of a verification event.

Tenant-only verification does not change:

• Auth0 authentication
• SSO
• MFA
• Password authentication
• Google or OAuth sign-in
• Workspace role permissions

Workspace access

Workspace access can exist in two states:

How workspace access is activated

Users can get workspace access in three ways.

API verification 

A Ziflow administrator marks a user as verified through the public API (verified = true).

Result:

• The user becomes verified only for that workspace.
• Proof access remains restricted.
• Other workspaces are unaffected.
• The user still must activate the workspace themselves through email confirmation.

The API cannot directly grant full workspace access.

Email confirmation link

A user clicks a verification email tied to a specific workspace.

Result:

• Access to that workspace is activated.
• Other workspaces remain unchanged.
• Each additional workspace requires its own email and confirmation step.

Social identity provider signup

A user signs up through a trusted identity provider such as Google OAuth.

Result:

• The user's workspace access starts in full scope.
• The user's existing workspace access in other workspaces do not change.
• Other workspaces still require separate activation.

User scenarios

Tenant-only verification affects existing Ziflow users who already have access to one or more workspaces and are one of the following:

• Invited through the API with verified: true
• Added through SCIM provisioning

Scenario: Invited team member

1. An admin invites a user to Workspace A.
2. The user receives a confirmation email.
3. The user clicks the confirmation link.
4. The user resets their password if required.

Result:

• The user receives full access to Workspace A only.
• Any workspace access in other workspaces remain restricted until separately activated.

Scenario: API-created membership

1. An admin verifies a user through the public API.
2. The user's workspace access becomes verified in restricted scope.

Result:

• Proof access remains filtered.
• The user must still activate their workspace access in their Ziflow profile.

Scenario: Google signup

1. A user signs up using Google OAuth.
2. A new workspace is created.

Result:

• The user's new workspace access starts in full scope.
• The user's existing workspace access in other workspaces remain unchanged.

Scenario: User added to another workspace during an active session

1. A user is already signed in to Workspace A.
2. An admin adds the same user to Workspace B.
3. The application displays a Verify prompt.
4. The user requests a verification email.
5. The user clicks the email confirmation link.

Result:

• Workspace B becomes fully activated only after email confirmation.