Question: Are there any SaaS products where a user can belong to only a single tenant? I'm thinking about cases where a tenant has many users. Are there cases where it isn't many-to-many? very new startups? enterprise cases?

I can think of B2B offerings such as cybersecurity, where the user is e.g. InfoSec engineer

I'll take a look, thanks!

Another possibility is government applications like taxation, where your physical identity is 1:1 mapped with your system identity and rigidly enforced. Or online multiplayer games where you are placed in a specific tenant, usually geographically bounded, and can't join other ones. Sometimes you can migrate or pick which one to join, but you can't play across multiple simultaneously. This would depend on whether you consider the serving layer of these games to be SaaS I suppose. World of Warcraft famously forced an account to be Horde or Alliance in the early days, most modern mobile games don't tell you that your geo bound until you try to add a friend on the other side of the planet. Otherwise I can only think of a couple of edge cases, as I suspect you are meaning for a typical multi-tenant B2B or B2C SaaS product. The blocker here for me would be that you are limiting your product from ever doing in-product sharing and collaboration. At Tb, If we set up a dedicated instance for a specific use case for an enterprise customer, like say low-latency log analytics, then all users tagged to that use case are directed to that instance. The user may have other tenants for other use cases, but that one is optimised for that purpose. Likewise if we have a B2B2C use case, such as processing the metrics for personalised analytics dashboards for each of their tenants, then their pass-through users (if you think of it that way) also only belong to a single tenant that is optimised for that use case.

It was a concept that I thought about in a previous company. Consider a contractor that has dealings with multiple of my tenants, or perhaps an integrator with a SaaS wide identity. But then I thought about all those tenants with SAML or Okta integration, and I said to myself, nahhh, too much effort for a use-case most clients won't feel comfortable with - allow the tenants to control access - why should i?