Is it correct that multi-tenant mode shares roles and identities across clients?

In multi-tenant architecture, each client operates in its own isolated environment while still utilizing a shared infrastructure. This design ensures that clients can manage their identities, roles, and policies independently, maintaining data privacy and security. Therefore, roles and identities are not shared across different clients; each tenant has its own unique setup, which allows them to define their specific roles and access controls without influencing or compromising the settings of other tenants.

This separation of tenants is a critical feature of multi-tenancy, emphasizing that any customization or configuration made in one tenant does not affect others. Thus, if a particular client creates or modifies roles, those changes are contained within that client's environment and do not propagate to other tenants in the system.

The options that imply shared roles or identities, such as "only for admin roles" or "only between linked tenants," suggest scenarios where some level of sharing or linking exists, which contradicts the fundamental principles of multi-tenancy in identity management systems. Each tenant remains distinct to ensure robust security and compliance with various governance standards.