Overview
The Multi-Tenant SaaS Foundation is a complete, production-grade starting point for building software-as-a-service applications that serve multiple organizations from a single deployment. It solves the hardest architectural problems you face when building a SaaS product: tenant isolation, access control, team management, and subscription billing.
Built with Next.js, TypeScript, Prisma, and PostgreSQL, this foundation uses a shared-database, row-level isolation model that balances cost efficiency with strong data separation. Every database query is scoped to the current tenant through Prisma middleware, and PostgreSQL Row-Level Security enforces the same boundary inside the database, so an application bug that forgets the tenant filter is stopped by the database instead of leaking another tenant's rows.
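The two halves of that isolation model, the RLS policy on the database side and the per-request binding of the tenant id on the application side, look roughly like the following. This is an added example, not code from the foundation: the table `"Project"`, the column `"tenantId"`, the setting name `app.tenant_id`, and the small `SqlRunner` interface standing in for a Prisma interactive-transaction client are assumptions so that it runs without a database.

```typescript
// Added example, not the project's code. Assumed names: table "Project", column
// "tenantId", setting "app.tenant_id", and SqlRunner as a stand-in for a Prisma
// interactive-transaction client ($executeRaw with bound parameters).

const RLS_MIGRATION_SQL = `
ALTER TABLE "Project" ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policy to the table owner as well. Policies never apply to
-- superusers or roles with BYPASSRLS, so the app must connect as an ordinary role.
ALTER TABLE "Project" FORCE ROW LEVEL SECURITY;
-- current_setting(name, true) returns NULL when the setting is absent and NULL never
-- compares equal, so a request that forgot to bind a tenant sees zero rows (fail closed).
-- USING filters what can be read/updated/deleted; WITH CHECK rejects inserts or updates
-- that would write a row under a different tenantId.
CREATE POLICY tenant_isolation ON "Project"
  USING ("tenantId" = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
  WITH CHECK ("tenantId" = NULLIF(current_setting('app.tenant_id', true), '')::uuid);
`;

interface SqlRunner {
  execute(sql: string, params: unknown[]): Promise<void>;
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function tenantContextStatement(tenantId: string): { sql: string; params: unknown[] } {
  // Reject anything that is not a UUID before it reaches the database, even though the
  // value is bound as a parameter rather than interpolated into the statement.
  if (!UUID_RE.test(tenantId)) throw new Error("invalid tenant id");
  // set_config(..., true) is transaction-local: it is discarded at COMMIT/ROLLBACK, so a
  // pooled connection cannot carry this tenant's context into the next request.
  // SET LOCAL cannot take a bind parameter, which is why set_config() is used instead.
  return { sql: "SELECT set_config('app.tenant_id', $1, true)", params: [tenantId] };
}

// Bind the tenant first, then run the caller's queries inside the same transaction.
async function withTenant<T>(
  tx: SqlRunner,
  tenantId: string,
  work: (tx: SqlRunner) => Promise<T>,
): Promise<T> {
  const stmt = tenantContextStatement(tenantId);
  await tx.execute(stmt.sql, stmt.params);
  return work(tx);
}

// In-memory stand-in for a transaction client so the example runs without a database.
class RecordingRunner implements SqlRunner {
  calls: { sql: string; params: unknown[] }[] = [];
  async execute(sql: string, params: unknown[]): Promise<void> {
    this.calls.push({ sql, params });
  }
}

// Returns the statements a tenant-scoped request would send, in order.
async function demoStatements(tenantId: string): Promise<string[]> {
  const tx = new RecordingRunner();
  await withTenant(tx, tenantId, async (t) => {
    await t.execute('SELECT "id", "name" FROM "Project"', []);
  });
  return tx.calls.map((c) => c.sql);
}

function migrationSql(): string {
  return RLS_MIGRATION_SQL;
}
```

With Prisma, `withTenant` would be called inside `prisma.$transaction(async (tx) => ...)` so that the `set_config` call and the queries share one connection; run the same statements on two different connections and the policy sees no tenant on the second one. The check worth adding to a test suite is the negative case: a query issued without `withTenant` must return nothing, not everything.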
Architecture
The system is organized into four core layers:
- Tenant Isolation Layer -- PostgreSQL Row-Level Security (RLS) policies enforce data isolation at the database level. A Prisma middleware automatically injects the tenant context into every query. Even if application code has a bug, RLS prevents cross-tenant data access, provided the application connects as an ordinary database role (superusers and roles with BYPASSRLS ignore policies) and binds the tenant id to the transaction before running queries. Each tenant has a unique subdomain or slug, and tenant resolution happens in the edge middleware layer.
- Authentication & Authorization -- User authentication is handled through Supabase Auth with support for email/password, magic links, and OAuth (Google, GitHub). Once authenticated, the RBAC system determines what a user can do within their tenant. Roles (Owner, Admin, Member, Viewer) are fully customizable, and permissions are checked at both the API route and UI component levels; the API route check is the one that enforces access, while the UI check only hides controls the user is not allowed to use.
- Team Management -- Tenants can invite users by email, manage pending invitations, assign roles, and remove members. The invitation flow handles edge cases like inviting existing users, expired invitations, and users who belong to multiple tenants. A tenant switcher lets users move between organizations seamlessly.
- Billing & Subscriptions -- Stripe integration handles subscription lifecycle management including plan selection, upgrades/downgrades with proration, payment method management, and invoice history. Webhook handlers process Stripe events to keep local subscription state in sync; since the webhook endpoint is reachable from the public internet, each delivery must be authenticated by its Stripe-Signature header before it changes anything, and handled idempotently, because Stripe can deliver the same event more than once. Feature gating enforces plan limits (e.g., number of team members, API calls, storage) in the request middleware and API layer.
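The authorization and team-management layers above share one failure mode worth showing in code: role checks that are correct for reads but let an Admin promote a colleague to Owner, or remove the last Owner of a tenant. The following is an added example, not the foundation's RBAC implementation; the role names follow the list above, while the permission names, the `Membership` shape and the rank ordering are assumptions.

```typescript
// Added example, not the project's code: an explicit permission matrix plus the guards
// that team-management endpoints need. Permission names, the Membership shape and the
// rank ordering are assumptions for illustration.

type Role = "owner" | "admin" | "member" | "viewer";
type Permission =
  | "project:read"
  | "project:write"
  | "member:invite"
  | "member:remove"
  | "member:set_role"
  | "billing:manage"
  | "tenant:delete";

interface Membership {
  userId: string;
  tenantId: string;
  role: Role;
}

// Allow-list per role; anything not listed is denied.
const PERMISSIONS: Record<Role, ReadonlySet<Permission>> = {
  viewer: new Set<Permission>(["project:read"]),
  member: new Set<Permission>(["project:read", "project:write"]),
  admin: new Set<Permission>([
    "project:read", "project:write", "member:invite", "member:remove", "member:set_role",
  ]),
  owner: new Set<Permission>([
    "project:read", "project:write", "member:invite", "member:remove", "member:set_role",
    "billing:manage", "tenant:delete",
  ]),
};

const ROLE_RANK: Record<Role, number> = { viewer: 0, member: 1, admin: 2, owner: 3 };

// The authoritative check, called from the API route. A membership only grants
// permissions in its own tenant: an admin of tenant A is nobody in tenant B.
function can(actor: Membership, tenantId: string, permission: Permission): boolean {
  return actor.tenantId === tenantId && PERMISSIONS[actor.role].has(permission);
}

// Throws so a route handler can map it to a 403 without branching on the result.
function requirePermission(actor: Membership, tenantId: string, permission: Permission): void {
  if (!can(actor, tenantId, permission)) {
    throw new Error(`forbidden: ${permission} in tenant ${tenantId}`);
  }
}

function ownersOf(tenantId: string, members: Membership[]): Membership[] {
  return members.filter((m) => m.tenantId === tenantId && m.role === "owner");
}

// Role changes are where privilege escalation hides: an actor may grant at most their
// own rank (an admin cannot make anyone an owner), may not touch members who outrank
// them, and may not demote the last owner.
function canAssignRole(actor: Membership, target: Membership, newRole: Role, members: Membership[]): boolean {
  if (!can(actor, target.tenantId, "member:set_role")) return false;
  if (ROLE_RANK[newRole] > ROLE_RANK[actor.role]) return false;
  if (ROLE_RANK[target.role] > ROLE_RANK[actor.role]) return false;
  if (target.role === "owner" && newRole !== "owner" && ownersOf(target.tenantId, members).length <= 1) return false;
  return true;
}

// Removing the last owner would leave nobody able to manage billing or delete the
// tenant, so that path is refused regardless of who asks.
function canRemoveMember(actor: Membership, target: Membership, members: Membership[]): boolean {
  if (!can(actor, target.tenantId, "member:remove")) return false;
  if (ROLE_RANK[target.role] > ROLE_RANK[actor.role]) return false;
  if (target.role === "owner" && ownersOf(target.tenantId, members).length <= 1) return false;
  return true;
}
```

The rank comparisons use `>` rather than `>=`, so an Admin may make another member an Admin; tighten that to `>=` if only Owners should create peers. Whatever the UI shows, these functions are what the invitation, role-change and removal API routes should call, with `members` loaded from the tenant-scoped database rather than from the request body.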
Key Features
- Row-Level Security -- Database-enforced tenant isolation. Raw SQL sent through the application's database role is subject to the same policies as Prisma queries; only a superuser or a role with BYPASSRLS can step around them, so the application must never connect as one.
- Role-Based Access Control -- Granular permissions system with Owner, Admin, Member, and Viewer roles. Easily extensible for custom roles.
- Team Invitations -- Full invitation lifecycle with email notifications, expiry handling, and multi-tenant user support.
- Subscription Billing -- Stripe-powered plans with usage limits, proration, and dunning. Webhook handlers keep billing state in sync.
- Tenant-Aware Middleware -- Next.js middleware resolves the current tenant from the request's subdomain or path and injects the tenant context into every request. The subdomain comes from the client-controlled Host header, so the resolved slug must match a registered tenant before the request proceeds.
- Feature Gating -- Enforce plan limits at the API layer. Upgrade prompts are built into the UI components.
- Audit Logging -- Track who did what within each tenant for compliance and debugging.
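The webhook half of the billing feature above is the one place where an unauthenticated caller can change subscription state, so it is worth seeing what "authenticate the delivery and handle it idempotently" means concretely. The block below is an added example, not the foundation's handler and not the Stripe SDK: it reimplements the documented Stripe-Signature scheme (`t=<unix seconds>,v1=<hex HMAC>`, signed payload `<t>.<raw body>`, HMAC-SHA256 keyed with the endpoint secret) with `node:crypto` so it runs offline. The event shape, the `seen` set standing in for a persisted store, and the 300-second tolerance default are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example, not the project's code and not the Stripe SDK. Verifies a
// Stripe-style signature header and deduplicates redeliveries before any state changes.
// Assumptions: the event shape, the in-memory "seen" set, the 300 s tolerance default.

type Outcome = "processed" | "duplicate" | "rejected";

function signPayload(secret: string, timestamp: number, rawBody: string): string {
  return createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
}

// Builds a header the way the sender would; used here only to construct sample input.
function buildSignatureHeader(secret: string, timestamp: number, rawBody: string): string {
  return `t=${timestamp},v1=${signPayload(secret, timestamp, rawBody)}`;
}

function verifySignature(
  rawBody: string,
  header: string,
  secret: string,
  nowSec: number,
  toleranceSec = 300,
): boolean {
  let t = NaN;
  const candidates: string[] = [];
  for (const field of header.split(",")) {
    const eq = field.indexOf("=");
    if (eq < 0) continue;
    const key = field.slice(0, eq).trim();
    const value = field.slice(eq + 1).trim();
    if (key === "t") t = Number(value);
    else if (key === "v1") candidates.push(value); // several v1 values during secret rotation
  }
  if (!Number.isInteger(t) || candidates.length === 0) return false;
  // Replay window: a captured valid delivery stops working once it is older than the tolerance.
  if (Math.abs(nowSec - t) > toleranceSec) return false;
  // The timestamp is part of the signed payload, so it cannot be moved forward by the caller.
  const expected = Buffer.from(signPayload(secret, t, rawBody), "hex");
  for (const candidate of candidates) {
    if (!/^[0-9a-f]{64}$/i.test(candidate)) continue; // keeps both buffers at 32 bytes
    if (timingSafeEqual(Buffer.from(candidate, "hex"), expected)) return true;
  }
  return false;
}

// Stripe may deliver the same event more than once; parse only after verifying, and
// record the event id so a redelivery cannot apply the same change twice.
function handleWebhook(
  rawBody: string,
  header: string,
  secret: string,
  nowSec: number,
  seen: Set<string>,
  apply: (event: { id: string; type: string }) => void,
): Outcome {
  if (!verifySignature(rawBody, header, secret, nowSec)) return "rejected";
  const event = JSON.parse(rawBody) as { id: string; type: string };
  if (seen.has(event.id)) return "duplicate";
  apply(event);
  seen.add(event.id);
  return "processed";
}
```

In a Next.js route handler the `rawBody` argument must be the exact bytes received (`await req.text()`), not a parsed-and-reserialized object, because any whitespace or key-order change breaks the HMAC. The Stripe SDK's own verification helper does the same work; the point of writing it out is to see that the timestamp, the constant-time compare and the deduplication are all load-bearing.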
What's Included
- Full Next.js application with App Router architecture
- Prisma schema with tenant isolation models and RLS migration scripts
- Complete RBAC implementation with role management UI
- Stripe billing integration with Customer Portal support
- Team invitation system with email templates (React Email)
- Tenant switcher and onboarding flow
- Admin dashboard for tenant management
- Comprehensive test suite (unit, integration, and E2E with Playwright)
- Deployment guides for Vercel and Docker
Who Is This For?
This foundation is designed for developers and startup teams building B2B SaaS products. If you are building a project management tool, CRM, analytics platform, or any application where multiple organizations need their own isolated workspace with team collaboration, this gives you months of architectural work already done.
You should have working knowledge of Next.js, TypeScript, and PostgreSQL. The codebase is fully typed, well-documented, and structured for easy extension. It is not a black box -- every line of code is yours to read, modify, and own.