Identity
Overview
This section explains how Keymate models user identities across multi-Tenant, multi-department environments. It covers the core identity model; the relationships between users, groups, roles, and Organizations; how identity attributes are projected into access tokens; how Tenant boundaries isolate identity data; how organizational units shape identity context; and how administrative responsibilities are delegated across scopes.
When to Read This Section
Read this section when you need to understand how Keymate represents users and their organizational context, how identity data flows into authorization decisions, how Tenant isolation works at the identity level, or how to design delegated administration across departments.
Who Should Start Here
- Architects designing multi-Tenant identity strategies
- Developers integrating identity-aware services
- Platform engineers configuring organizational structures and admin delegation
Key Topics
Identity Model
Core identity primitives: subjects, principals, and authentication context
Users, Groups, Roles & Organizations
How identity entities relate and how roles resolve across organizational levels
Identity Attributes & Claims
Custom attributes, token projection, and claim assembly
Tenant-Scoped Identity
Tenant isolation boundaries for identity data and administration
Org-Unit-Aware Identity
Department hierarchy and how organizational context shapes identity
Scoped Administration Model
Delegation of administrative authority across organizational boundaries
Representative Journeys
- I need to understand how Keymate represents a user -> Identity Model
- I need to understand how users relate to Organizations and roles -> Users, Groups, Roles & Organizations
- I need to understand how identity data appears in tokens -> Identity Attributes & Claims
- I need to design Tenant-isolated identity boundaries -> Tenant-Scoped Identity
- I need to understand department-aware identity context -> Org-Unit-Aware Identity
- I need to set up delegated administration -> Scoped Administration Model
Recommended Reading Order
- Identity Model — understand the core identity primitives
- Users, Groups, Roles & Organizations — understand entity relationships
- Identity Attributes & Claims — understand how attributes project into tokens
- Tenant-Scoped Identity — understand Tenant isolation at the identity layer
- Org-Unit-Aware Identity — understand department context in identity
- Scoped Administration Model — understand delegated admin boundaries
Related Sections
- Organization Model — Tenant and department hierarchy that identity references
- Token & Session — how identity claims flow into tokens and sessions
- Authentication — authentication flows that establish identity
- Authorization — policy evaluation that consumes identity context