Almost every B2B Laravel app eventually grows into a multi-tenant SaaS. The decisions you make in the first month single database vs database-per-tenant, subdomain vs path-based routing, how you scope queries are very expensive to undo at month twelve. This guide is an opinionated walkthrough of the architecture I would pick for a new SaaS in 2026.
Decisions this guide makes for you
- Single database, tenant_id column on every tenant-scoped table
- Subdomain routing (acme.app.com), with a fallback path mode for free trials
- Stancl/Tenancy v4 for the tenancy primitive, Spatie Permissions for roles
- Tenant-aware queues, mail, and storage
- Stripe Cashier with per-tenant subscriptions
Info
Single DB or DB-per-tenant?
Single database scales to thousands of tenants if you index <code>tenant_id</code> aggressively. DB-per-tenant is heavier ops (migrations, backups, connections) and only pays off when tenants need data isolation for regulatory reasons. Default to single DB; revisit at >5000 paying tenants.
1. The schema decision
-- 0001_create_workspaces_table.php
CREATE TABLE workspaces (
id BIGINT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
slug VARCHAR(60) UNIQUE NOT NULL,
name VARCHAR(120) NOT NULL,
plan VARCHAR(40) DEFAULT 'free',
trial_ends_at TIMESTAMP NULL,
created_at TIMESTAMP NULL,
updated_at TIMESTAMP NULL
);
-- Every tenant-scoped table gets this:
ALTER TABLE projects ADD COLUMN workspace_id BIGINT UNSIGNED NOT NULL AFTER id;
ALTER TABLE projects ADD INDEX idx_workspace (workspace_id);
ALTER TABLE projects ADD CONSTRAINT fk_projects_workspace
FOREIGN KEY (workspace_id) REFERENCES workspaces(id) ON DELETE CASCADE;Warning
Index discipline is everything
On a single-DB tenancy model, every query MUST start with <code>WHERE workspace_id = ?</code> and that column must be the leading column of every relevant index. Without it, one busy tenant's queries do full-table scans across every tenant's data.
2. The tenancy primitive
// app/Models/Workspace.php
class Workspace extends Model
{
protected $fillable = ['slug', 'name', 'plan', 'trial_ends_at'];
protected $casts = ['trial_ends_at' => 'datetime'];
public function users() { return $this->belongsToMany(User::class)->withPivot('role'); }
public function projects() { return $this->hasMany(Project::class); }
public function owner() { return $this->users()->wherePivot('role', 'owner'); }
public static function current(): ?self { return app('current.workspace'); }
}// app/Http/Middleware/ResolveWorkspace.php
class ResolveWorkspace
{
public function handle(Request $request, Closure $next)
{
$host = $request->getHost();
$rootDomain = config('app.root_domain');
$slug = Str::endsWith($host, '.' . $rootDomain)
? Str::before($host, '.' . $rootDomain)
: $request->route('workspace');
$workspace = Workspace::where('slug', $slug)->firstOrFail();
abort_unless($workspace->users->contains($request->user()), 403);
app()->instance('current.workspace', $workspace);
URL::defaults(['workspace' => $workspace->slug]);
return $next($request);
}
}3. The global scope you cannot forget
// app/Models/Concerns/BelongsToWorkspace.php
trait BelongsToWorkspace
{
protected static function bootBelongsToWorkspace(): void
{
static::addGlobalScope('workspace', function (Builder $query) {
if ($workspace = Workspace::current()) {
$query->where($query->getModel()->getTable() . '.workspace_id', $workspace->id);
}
});
static::creating(function ($model) {
if (! $model->workspace_id && $workspace = Workspace::current()) {
$model->workspace_id = $workspace->id;
}
});
}
public function workspace() { return $this->belongsTo(Workspace::class); }
}Danger
The global scope is necessary but not sufficient
A developer can call <code>Project::withoutGlobalScope('workspace')</code> and leak data. You also need: a Pest test that creates two workspaces and asserts every Resource shows zero cross-leak; a CI check that grep-bans <code>withoutGlobalScope</code>; a code review checklist for any direct DB query.
4. Tenant-aware queues
Jobs run outside the request lifecycle. Workspace::current() returns null inside a queued job unless you teach it the tenant.
abstract class TenantAwareJob implements ShouldQueue
{
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
public int $workspaceId;
public function __construct()
{
$this->workspaceId = Workspace::current()?->id
?? throw new RuntimeException('TenantAwareJob dispatched outside a workspace context');
}
public function handle(): void
{
$workspace = Workspace::findOrFail($this->workspaceId);
app()->instance('current.workspace', $workspace);
$this->run();
}
abstract protected function run(): void;
}
// Every job extends this — no exceptions.
class GenerateMonthlyReport extends TenantAwareJob
{
protected function run(): void
{
$report = Report::create([...]);
// Project::query() now scopes to the right workspace automatically.
}
}5. Stripe Cashier per workspace
// app/Models/Workspace.php
use Laravel\Cashier\Billable;
class Workspace extends Model
{
use Billable;
public function stripeName(): string { return $this->name; }
public function stripeEmail(): string { return $this->owner->first()->email; }
}
// Subscribing
$workspace->newSubscription('default', 'price_pro_monthly')
->trialDays(14)
->create($paymentMethodId);
// Gating features
public function handle(Request $request, Closure $next, string $feature)
{
abort_unless(
Workspace::current()->subscription('default')?->valid()
&& Workspace::current()->subscription('default')->hasProduct($feature),
402
);
return $next($request);
}Webhook the seat count
Stripe metered billing reports seats per period. Run <code>cashier:webhook</code> on deploy and update <code>workspaces.seat_count</code> on <code>customer.subscription.updated</code>.
Lock the trial cliff
Add a middleware that returns 402 when <code>trial_ends_at</code> is past and there is no active subscription. The error page tells the owner to upgrade.
Email the owner before the trial ends
Three days before, one day before, day-of. This single sequence improves trial-to-paid conversion more than any product change.
6. The ops checklist nobody talks about
✓ Pros
- Backups: nightly mysqldump, plus row-level <code>workspace_id</code> export per tenant on demand
- Per-tenant rate limits using the <code>RateLimiter</code> facade keyed by workspace id
- Log enrichment: every log line carries <code>workspace_id</code> via a Monolog processor
- A "switch to tenant" admin tool — staff can impersonate read-only into any workspace
✕ Cons
- A noisy neighbour can choke shared resources — Octane workers, queue throughput, DB connections
- Schema changes affect every tenant simultaneously; treat migrations as production incidents
- Cross-tenant analytics queries are easy to write and easy to leak
better engineering ROI from one well-designed multi-tenant app vs one app per customer
When to bail to DB-per-tenant
Note
The signal is regulatory, not technical
Healthcare, finance, government — any contract with "data residency" or "physical isolation" clauses pushes you toward DB-per-tenant. Otherwise, a well-indexed shared schema scales further than you think. I have run single-DB tenancy past 8000 paying workspaces on a single managed Postgres instance.
Final word
Multi-tenancy is not a Laravel feature you install — it is an architecture you commit to. Get the schema, the global scope, the tenant-aware jobs, and the test discipline right early, and the next three years of feature work compound on a foundation that does not leak. Get any of those wrong, and the cleanup will dominate your roadmap.
Success
Build the leak test first
Before you write a single feature: a Pest test that creates two workspaces, seeds them with disjoint data, and asserts that hitting every API endpoint as workspace A returns zero of workspace B's rows. Run it on every PR. This single test prevents the entire category of bugs that kill SaaS companies.
