Organization Model
Overview
The Organization Model defines how Keymate structures multi-tenant identity and access management. It covers Tenant isolation, hierarchical department structures, user assignments, application catalogs, delegated administration, and organization-aware token flows. Together, these concepts enable B2B, B2B2C, and G2C platforms to serve multiple organizations from a shared infrastructure while maintaining strict data and access boundaries.
When to Read This Section
Read this section when you need to understand how Keymate isolates Tenants, organizes departments, assigns users and applications, or embeds organizational context into access tokens.
Who Should Start Here
- Architects designing multi-tenant platforms on Keymate
- Developers integrating with organization-aware APIs or consuming organizational token claims
- Operators provisioning Tenants, departments, and user assignments
- Solution engineers evaluating Keymate's multi-tenancy capabilities
Key Topics
- Multi-Tenant IAM: Tenant isolation within a shared realm.
- Tenant Model: Roles, groups, applications, and properties on a Tenant.
- Organization Hierarchy: Hierarchical department structures with role mappings.
- Delegated Administration: Scoped administration at Tenant, department, and user levels.
- Org-Aware Tokens & Sessions: Token exchange that binds sessions to organizational context.
- Tenant Identity & Federation: Tenant-scoped identity provider configuration.
- Membership & Application Assignment: User assignments and application catalogs per Tenant.
- Tenant Onboarding: Department templates, property templates, and template cloning.
- Cross-Tenant Access Governance: Permission evaluation across organizational boundaries.
Representative Journeys
- I want to understand Keymate's multi-tenancy approach → Multi-Tenant IAM
- I want to model an organization's internal structure → Organization Hierarchy
- I want to understand how tokens carry organizational context → Org-Aware Tokens & Sessions
- I want to provision Tenants from reusable templates → Tenant Onboarding
- I want to evaluate permissions across Tenant boundaries → Cross-Tenant Access Governance
Recommended Reading Order
- Multi-Tenant IAM
- Tenant Model
- Organization Hierarchy
- Membership & Application Assignment
- Delegated Administration
- Org-Aware Tokens & Sessions
Related Sections
- Authorization — policy evaluation and enforcement
- Token & Session — token claims, exchange, and session governance
- Identity — identity model and claims
- Groups — group model and Tenant inheritance