Created by Roel Beijnes
Created on Nov 6, 2025

Multi-Tenant Management of Non-Primary Zones via Primary Zone Identity Source

Context:
In the current Recast Application Workspace architecture, each zone operates independently with its own identity source. This siloed model complicates centralized management and introduces overhead in multi-tenant environments.

Request:
Enable centralized management of non-primary zones from the primary zone, using the identity source configured in the primary zone. Specifically:

  • Allow administrators in the primary zone to manage Recast actions, permissions, and workflows across non-primary zones.

  • Authenticate and authorize access to non-primary zones using the identity provider of the primary zone (e.g., Azure AD, LDAP).

  • Ensure role-based access control (RBAC) and audit logging reflect cross-zone operations accurately.

Benefits:

  • Simplifies identity management across tenants/zones.

  • Reduces configuration duplication and administrative overhead.

  • Aligns with enterprise security models favoring centralized identity governance.

  • Enables scalable delegation and automation across zones.

  • Reduces license overhead for multi-zone management.

Suggested Implementation Considerations:

  • Introduce a trust model between zones to allow identity delegation.

  • Extend the Recast Workspace UI to reflect cross-zone visibility and controls.

  • Ensure compatibility with existing RBAC and identity federation mechanisms.

Product Application Workspace