94 docs tagged with "planned"

Install, configure, and use the Keymate .NET SDK to perform permission checks and retrieve organization context from .NET applications.

REST API contract for permission check and organization context endpoints exposed by the Access Gateway.

Access control model and permission visibility principles for the Admin Console.

Field schema and semantics for the Access Gateway's declarative access rule definitions.

Why Keymate requires a dedicated admin console and the design decisions behind it.

Admin persona types and their responsibility areas within the Keymate Admin Console.

Global, tenant, and delegated admin scope model for the Admin Console.

Offline and isolated deployment model for environments without internet access.

Alert management and overview screens in the admin console

Configuring DPoP token validation at the API gateway layer for incoming requests.

Personal access token and API token screens in the Admin Console.

How Keymate requires explicit approval for sensitive administrative operations to prevent accidental or unauthorized changes.

Audit and timeline screens in the admin console

Audit trail capabilities and session security model for Admin Console operations.

Pluggable authority model and future FGA/OPA readiness

Design patterns for building custom authorization orchestration workflows with the Keymate platform

Backup and restore screens in the Admin Console.

Continuity planning, fallback strategies, and SLO guardrail guidance for Keymate operations.

How Keymate governs OAuth scopes and token claims to enforce least-privilege access and prevent privilege escalation.

Centralized configuration management component — stores, validates, and distributes configuration across the Keymate platform.

How Keymate detects and logs administrative actions that attempt to cross tenant boundaries in a multi-tenant deployment.

View platform statistics, system health indicators, and quick-access shortcuts from the Admin Console dashboard.

Simulate authorization decisions against policies to validate access outcomes before deploying changes to production.

Delegation and admin scoping screens in the Admin Console.

Device observability screens in the admin console

View the effective permissions for a user or service, showing direct, inherited, and composite access across all authorization models.

How Keymate classifies enforcer identity trust levels using SPIFFE and mTLS, and how trust classification affects DPoP enforcement behavior.

EventHub and gateway integration screens in the Admin Console.

Explain endpoint and decision traceability surface for access decisions

Customize and extend the Keymate Nginx access plugin for authorization enforcement

Feature flag screens in the Admin Console.

Role, responsibilities, and system context of the FGA Engine in the Keymate authorization stack.

Experiment with FGA authorization models and relationship queries using the FGA playground

Domain-oriented frontend structure and modular boundaries of the Admin Console.

Install, configure, and use the Keymate Go SDK to perform permission checks and retrieve organization context from Go applications.

gRPC service contracts and methods exposed by the Access Gateway

Health signals and status screens in the admin console

How Keymate enforces tenant pinning during impersonation and prevents unauthorized hat-switch operations across tenant boundaries.

Import, export, and migrate platform configurations including policies, resources, roles, and tenant settings.

Develop custom Keycloak Service Provider Interfaces (SPIs) for authentication, user federation, and identity brokering within the Keymate platform

Extension patterns for integrating custom logic into the Keymate platform using Keymate SPIs

Log viewer screens in the admin console

Metadata and classification screens in the admin console

Metrics viewer and KPI dashboard screens

How Keymate uses SPIFFE-based mTLS to verify workload identity and establish trust between platform components.

TopNav areas and the domain-based management model that organizes Admin Console screens.

Registration, rotation, and revocation of OAuth clients in Keymate, covering lifecycle policies that limit credential sprawl and attack surface.

OAuth client lifecycle screens in the Admin Console.

OpenShift deployment model and platform-specific considerations for Keymate.

Introduction to admin areas and management workflows in the Keymate Admin Console.

Introduction to Admin Console architecture and key design decisions.

Introduction to Admin Console concepts — personas, navigation domains, and workflow patterns.

Introduction to the Admin Console security model and protection boundaries.

Dashboard overview, system health indicators, and quick actions in the Admin Console.

Deployment model for running Keymate alongside an existing IAM system during migration.

Analyze policy usage metrics, complexity scores, and diagnostic insights to optimize your authorization model.

How the Keymate policy DSL maps to FGA authorization models and relationship tuples.

Track policy changes with version diffs, promote policies across environments, and manage approval workflows in the Admin Console.

Version diff, promotion, and approval screens for policies in the Admin Console.

Deployment model for VPC and private cloud environments with network isolation.

Quick action shortcuts and navigation areas on the Admin Console Dashboard.

Generate Keymate resource and scope definitions from OpenAPI specifications for policy authoring

Role assignment and visibility screens in the Admin Console.

Develop Keymate enforcement plugins using Rust and the proxy-wasm-rust-sdk for WASM-based authorization enforcement.

Guidance for scaling Keymate platform components and optimizing performance.

Secret and key management screens in the Admin Console.

Configure platform security settings and manage secrets, certificates, and credential rotation through the Admin Console.

Security policy settings screens in the Admin Console.

Protection mechanisms for high-impact administrative operations in the Admin Console.

Session observability screens in the admin console

Simulation and validation screens in the Admin Console.

Guidance for authorization policy snapshot activation, retention, and garbage collection.

Snapshot activation, portability, and runtime switching capabilities

Configure Shared Signals Framework (SSF) streams and receivers to share real-time security events across integrated systems.

Shared Signals Framework management workflows in the Admin Console.

Server-side rendering model for the Admin Console and its security and access control implications.

System configuration screens in the Admin Console.

Template management screens in the admin console

Configure tenant-level preferences and platform-wide system settings through the Admin Console.

Manage tenant quotas, license compliance, suspension and reactivation workflows, and risk assessment dashboards.

How group memberships and role mappings propagate through the organizational hierarchy across tenant boundaries

Tenant configuration screens in the Admin Console.

Test authorization decisions using the explain endpoint and decision simulation tools in the Admin Console

Decision trace and explainability screens in the Admin Console.

Trace viewer screens in the admin console

Upgrade lifecycle and version compatibility guidance for the Keymate platform.

Usage metrics and summary signal views on the Admin Console Dashboard.

Service-to-gateway gRPC authorization flows for permission checks from platform services

Test Admin Console API endpoints with custom headers, scopes, and request parameters using the built-in API tester

Browse and inspect authorization model schemas, resource definitions, and API surfaces using the Admin Console API Explorer

How Keymate classifies enforcement points as verified or unverified based on identity trust, and how this classification affects authorization behavior.

Why Keymate provides a dedicated admin console experience separate from Keycloak's native administration interface.

Screen-based navigation and task-based management workflows in the Admin Console.

Guide for authoring access rules using the AccessRuleSet DSL to configure token exchange and resource resolution in the Access Gateway.