auth.signIn({ provider: 'aguilabs' }) → rls.enforce({ tenant: customer_id }) → session.validate({ scope: 'network' }) → data.isolate({ policy: 'strict-rls' }) → auth.signIn({ provider: 'aguilabs' }) → rls.enforce({ tenant: customer_id }) → session.validate({ scope: 'network' }) → data.isolate({ policy: 'strict-rls' }) →

Infrastructure

The AguilabsNetwork

One login. Every app you build on Aguilabs. Your customers sign up once and they're in everywhere — forever.

What is the Aguilabs Network?

Every application built by Aguilabs runs on a shared authentication backbone — the Aguilabs Network. When a customer logs into one of your apps, their credentials work across all of them.

Think of it as a private SSO ecosystem for your business portfolio. One account. Multiple products. Zero re-registration.

For businesses on Starter and Growth plans, this is shared auth. Pro plans can add a dedicated namespace. Enterprise includes fully dedicated auth infrastructure by default.

The Network gets even stronger when clients add more projects over time. One login lowers friction, increases retention, and makes future apps easier to launch.

Example: bakery client
1

Customer visits bakery website

Signs up with email → Aguilabs account created

2

Owner adds an online ordering app later

Same Aguilabs account — customer already has access

3

Owner adds a loyalty program app

Still same login. Zero friction for customer.

One account · Three apps · Zero re-registration

Shared auth. Isolated data.

The most common question: "If auth is shared, can other businesses see my data?" No. Here's exactly why.

RLS

Row-Level Security

Every database table enforces a tenant check. Even if two businesses share an auth system, queries are filtered to return only that business's data. This is enforced at the database level — not just the application layer.

FN

Tenant Resolution

A database function resolves the logged-in user to their specific tenant ID on every request. All isolation policies reference this function, ensuring no query can cross tenant boundaries.

ISO

Zero Cross-Visibility

Business A's customer cannot see Business B's data — even if they share the same Aguilabs login. The isolation is absolute and database-enforced, not just hidden in the UI.

Technical Implementation
-- Auth: shared network auth (single namespace, all Aguilabs apps)
-- Tenant resolution: every request resolves to an isolated business context
-- Identity binding: user identity linked 1:1 to a tenant profile
-- Isolation: row-level policies enforced on every table, every query
-- Scope: projects, milestones, messages, assets, notifications, invoices
-- Dedicated auth: separate auth infrastructure per tenant (Pro add-on / Enterprise)

Auth models by plan

Start shared, upgrade to dedicated as your business scales.

STR

Shared Network Auth

Starter / Growth

Starter and Growth plans. Your app shares the Aguilabs Network auth namespace. Users log in with one Aguilabs account across all Aguilabs-powered apps. Data stays completely isolated per business.

Included
PRO

Dedicated Auth (Add-on)

Pro add-on

Pro plan add-on. A separate auth namespace provisioned exclusively for your app. Your users' accounts live in your own auth silo — no shared namespace. Same data model, fully separate identity infrastructure.

+$20/mo
ENT

Dedicated Auth (Included)

Enterprise

Enterprise plans include fully dedicated auth infrastructure. Separate auth namespace, fully white-labeled. Your brand, your platform, your users.

Included

Questions

Ready to build on the Network?

Every Aguilabs project is Network-ready from day one.

View Plans Start Your Project