Authentication

Overview

This section explains how Keymate authenticates users across diverse scenarios — from browser-based login and direct credential exchange to federated identity from external providers. It covers the configurable authentication flow model, OIDC and OAuth protocol interactions, SAML federation, external identity provider integration, multi-factor and step-up authentication, and user provisioning through directory synchronization.

When to Read This Section

Read this section when you need to understand how Keymate verifies user identity, how authentication flows chain together, how external identity providers integrate through federation, or how multi-factor authentication strengthens access security.

Who Should Start Here

• Architects designing authentication strategies for multi-Tenant environments
• Developers integrating applications with Keymate's authentication endpoints
• Security engineers configuring MFA policies and federation trust
• Platform engineers setting up directory synchronization and user provisioning

Key Topics

Authentication Flows

Configurable flow chains for browser login, direct grant, and step-up scenarios

OIDC & OAuth Interaction Model

Protocol-level interactions for token issuance, client registration, and grant types

Federation & External IdPs

Identity brokering, directory integration, and external credential systems

SAML Federation Model

SAML-based federation trust, assertion handling, and attribute mapping

MFA & Step-Up Authentication

Multi-factor methods and context-driven step-up enforcement

Provisioning & SCIM

User lifecycle provisioning, directory synchronization, and credential sync

Representative Journeys

• I need to understand how login flows work -> Authentication Flows
• I need to integrate an application using OIDC -> OIDC & OAuth Interaction Model
• I need to federate users from an external identity provider -> Federation & External IdPs
• I need to set up SAML-based federation -> SAML Federation Model
• I need to add multi-factor authentication -> MFA & Step-Up Authentication
• I need to synchronize users from a directory -> Provisioning & SCIM

Recommended Reading Order

1. Authentication Flows — understand the flow chain model
2. OIDC & OAuth Interaction Model — understand protocol-level interactions
3. Federation & External IdPs — understand external identity integration
4. SAML Federation Model — understand SAML-specific federation
5. MFA & Step-Up Authentication — understand multi-factor enforcement
6. Provisioning & SCIM — understand user lifecycle provisioning

Related Sections

• Identity — identity model that authentication establishes
• Token & Session — tokens and sessions that authentication produces
• Authorization — policy evaluation that consumes authenticated identity
• Security — security patterns built on authentication foundations