Is your feature request related to a problem? Please describe.
I'm using tenant functionality and having some issues due to URL prefix logic:
I need to add a DNS entry for each tenant to my DNS
Security issues => tenant enumeration: with a prefix URL you can do enumeration on the authentik domain
Bypass limitation related to domain matching. Some service providers can manage multiple IdP providers and match the domain for it. With suffix logic, you can implement multiple IdPs without a problem.
Describe the solution you'd like
I would like to see tenant suffix URL logic
Actual: tenant1.authentik.com
Would like: authentik.com/tenant1/
Or: authentik.com/UUID of tenant/ => To remove domain enumeration
Describe alternatives you've considered
We can imagine a toggle to keep the current logic and let the user choose the preferred logic
Additional context
I think we can imagine two queries to fill in the context:
Check the suffix pattern first and if it doesn't match, perform the current query.
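The two-step lookup proposed above, as an added example that is not part of the issue or of authentik's code: the first path segment is tried as a tenant UUID, and only when that fails is the host matched against tenant domains. The `Tenant` record, the sample data and the host-matching rule (longest tenant domain the host ends with, else the default tenant) are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Tenant:  # hypothetical record, not authentik's model
    tenant_uuid: uuid.UUID
    domain: str
    default: bool = False


# Constructed sample data
TENANTS = [
    Tenant(uuid.UUID("11111111-2222-4333-8444-555555555555"), "authentik.example", default=True),
    Tenant(uuid.UUID("aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"), "tenant1.authentik.example"),
]


def tenant_from_path(path: str, tenants: Sequence[Tenant]) -> Optional[Tenant]:
    """Step 1: treat the first path segment as a tenant UUID."""
    segment = path.lstrip("/").split("/", 1)[0]
    try:
        wanted = uuid.UUID(segment)
    except ValueError:
        return None  # a name such as "tenant1" is never accepted as an identifier
    # uuid.UUID() also parses braces, "urn:uuid:" and unhyphenated hex;
    # accept only the canonical form so each tenant has exactly one URL.
    if str(wanted) != segment.lower():
        return None
    return next((t for t in tenants if t.tenant_uuid == wanted), None)


def tenant_from_host(host: str, tenants: Sequence[Tenant]) -> Optional[Tenant]:
    """Step 2 (assumed current behaviour): match the request host to a tenant domain."""
    host = host.split(":", 1)[0].lower().rstrip(".")
    matches = [t for t in tenants if host == t.domain or host.endswith("." + t.domain)]
    if matches:
        return max(matches, key=lambda t: len(t.domain))  # most specific domain wins
    return next((t for t in tenants if t.default), None)


def resolve_tenant(host: str, path: str, tenants: Sequence[Tenant] = TENANTS) -> Optional[Tenant]:
    """Path lookup first; an unknown or malformed segment falls through to the host lookup."""
    return tenant_from_path(path, tenants) or tenant_from_host(host, tenants)
```

Because an unknown UUID falls through to the same host lookup as any other path, a wrong guess resolves exactly like an ordinary request instead of producing a distinct error.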
(For context, the tenants mentioned in this issue have been renamed to "Brands" since)
This is not something we'll change anytime soon. The main idea behind "Brands" is to have separate branding on completely separate domains. To prevent domain enumeration, you could use a wildcard certificate.
authentik/authentik/tenants/utils.py, line 17 in ba3e78c