142 docs tagged with "planned"

Install, configure, and use the Keymate .NET SDK to perform permission checks and retrieve organization context from .NET applications.

REST API contract for permission check and organization context endpoints exposed by the Access Gateway.

Access control model and permission visibility principles for the Admin Console.

Field schema and semantics for the Access Gateway's declarative access rule definitions.

Why Keymate requires a dedicated admin console and the design decisions behind it.

Admin persona types and their responsibility areas within the Keymate Admin Console.

Global, tenant, and delegated admin scope model for the Admin Console.

Offline and isolated deployment model for environments without internet access.

Alert management and overview screens in the admin console

Tutorial for integrating Keymate authorization with an API gateway.

Configuring DPoP token validation at the API gateway layer for incoming requests.

Personal access token and API token screens in the Admin Console.

How Keymate requires explicit approval for sensitive administrative operations to prevent accidental or unauthorized changes.

Audit and timeline screens in the admin console

Audit trail capabilities and session security model for Admin Console operations.

Pluggable authority model and future FGA/OPA readiness

Design patterns for building custom authorization orchestration workflows with the Keymate platform

Backup and restore screens in the Admin Console.

Backup, restore, and feature flag management workflows

Continuity planning, fallback strategies, and SLO guardrail guidance for Keymate operations.

How Keymate governs OAuth scopes and token claims to enforce least-privilege access and prevent privilege escalation.

Centralized configuration management component — stores, validates, and distributes configuration across the Keymate platform.

Connector inventory and detail workflows

Control plane responsibilities, managed services, and coordination layer

How Keymate detects and logs administrative actions that attempt to cross tenant boundaries in a multi-tenant deployment.

View platform statistics, system health indicators, and quick-access shortcuts from the Admin Console dashboard.

Simulate authorization decisions against policies to validate access outcomes before deploying changes to production.

Delegation and admin scoping screens in the Admin Console.

Apache APISIX deployment and plugin configuration

Istio / Envoy deployment and configuration for Keymate enforcement

NGINX deployment and configuration for Keymate integration

Deployment topology and infrastructure layout

Supported deployment models for Keymate

Device observability screens in the admin console

LDAP and SCIM sync jobs and operational model

Apache APISIX DPoP enforcement

View the effective permissions for a user or service, showing direct, inherited, and composite access across all authorization models.

Complete walkthrough of a Keymate authorization request from client to decision.

How Keymate classifies enforcer identity trust levels using SPIFFE and mTLS, and how trust classification affects DPoP enforcement behavior.

Event catalog discovery and self-service integration model

Integration Hub, Event Hub, and outbox event contract surface reference

Event subscription and delivery workflows

Event-driven and sync architecture patterns

EventHub and gateway integration screens in the Admin Console.

Explain endpoint and decision traceability surface for access decisions

Explain endpoint response contract and deterministic evaluation rules

Customize and extend the Keymate Nginx access plugin for authorization enforcement

Feature flag screens in the Admin Console.

Role, responsibilities, and system context of the FGA Engine in the Keymate authorization stack.

Experiment with FGA authorization models and relationship queries using the FGA playground

Connect your first application to Keymate

Your first authorization decision flow

Set up your first tenant and organization

Domain-oriented frontend structure and modular boundaries of the Admin Console.

Gateway edge enforcement model and request authorization

Troubleshooting gateway integration and enforcement failures

Install, configure, and use the Keymate Go SDK to perform permission checks and retrieve organization context from Go applications.

gRPC service contracts and methods exposed by the Access Gateway

Health signals and status screens in the admin console

OIDC, OAuth, SAML, SCIM, and identity ecosystem standards compliance

How Keymate enforces tenant pinning during impersonation and prevents unauthorized hat-switch operations across tenant boundaries.

Import, export, and migrate platform configurations including policies, resources, roles, and tenant settings.

Develop custom Keycloak Service Provider Interfaces (SPIs) for authentication, user federation, and identity brokering within the Keymate platform

Extension patterns for integrating custom logic into the Keymate platform using Keymate SPIs

Log viewer screens in the admin console

Metadata and classification screens in the admin console

Metrics viewer and KPI dashboard screens

How Keymate uses SPIFFE-based mTLS to verify workload identity and establish trust between platform components.

Step-by-step tutorial for setting up multi-tenant authorization with Keymate.

TopNav areas and the domain-based management model that organizes Admin Console screens.

Registration, rotation, and revocation of OAuth clients in Keymate, covering lifecycle policies that limit credential sprawl and attack surface.

OAuth client lifecycle screens in the Admin Console.

OpenMetadata integration for data catalog and policy metadata

OpenShift deployment model and platform-specific considerations for Keymate.

OpenTelemetry signal emission and collection integration

Apache APISIX integration overview

Istio / Envoy mesh integration overview

Kong integration overview

NGINX integration overview

Connector approach and supported integration flows

Introduction to admin areas and management workflows in the Keymate Admin Console.

Introduction to Admin Console architecture and key design decisions.

Introduction to Admin Console concepts — personas, navigation domains, and workflow patterns.

Introduction to the Admin Console security model and protection boundaries.

Dashboard overview, system health indicators, and quick actions in the Admin Console.

Deployment model for running Keymate alongside an existing IAM system during migration.

Troubleshooting performance issues in Keymate authorization pipeline

Analyze policy usage metrics, complexity scores, and diagnostic insights to optimize your authorization model.

DSL validator, templates, versions, and metadata reference

Hands-on walkthrough for authoring and testing Keymate authorization policies.

How the Keymate policy DSL maps to FGA authorization models and relationship tuples.

Track policy changes with version diffs, promote policies across environments, and manage approval workflows in the Admin Console.

Version diff, promotion, and approval screens for policies in the Admin Console.

Deployment model for VPC and private cloud environments with network isolation.

Quick action shortcuts and navigation areas on the Admin Console Dashboard.

Get a working authorization flow running in minutes

Request evaluation and authorization decision flow

Apache APISIX request flow and enforcement behavior

Istio and Envoy mesh request flow and policy enforcement

NGINX request flow and policy enforcement

Generate Keymate resource and scope definitions from OpenAPI specifications for policy authoring

Role assignment and visibility screens in the Admin Console.

Develop Keymate enforcement plugins using Rust and the proxy-wasm-rust-sdk for WASM-based authorization enforcement.

Guidance for scaling Keymate platform components and optimizing performance.

SCIM provisioning and sync model

How Keymate uses organizational seat assignments as authorization boundaries to control resource access

Secret and key management screens in the Admin Console.

Configure platform security settings and manage secrets, certificates, and credential rotation through the Admin Console.

Zero-trust and enforcement layers

Security policy settings screens in the Admin Console.

Protection mechanisms for high-impact administrative operations in the Admin Console.

Session observability screens in the admin console

Simulation and validation screens in the Admin Console.

Guidance for authorization policy snapshot activation, retention, and garbage collection.

Snapshot activation, portability, and runtime switching capabilities

Configure Shared Signals Framework (SSF) streams and receivers to share real-time security events across integrated systems.

Shared Signals Framework management workflows in the Admin Console.

Server-side rendering model for the Admin Console and its security and access control implications.

High-level system architecture and component interactions

System configuration screens in the Admin Console.

Template management screens in the admin console

Configure tenant-level preferences and platform-wide system settings through the Admin Console.

Manage tenant quotas, license compliance, suspension and reactivation workflows, and risk assessment dashboards.

How group memberships and role mappings propagate through the organizational hierarchy across tenant boundaries

Tenant configuration screens in the Admin Console.

Test authorization decisions using the explain endpoint and decision simulation tools in the Admin Console

Token and session lifecycle model

Decision trace and explainability screens in the Admin Console.

Trace viewer screens in the admin console

Troubleshooting unexpected authorization denials

Upgrade lifecycle and version compatibility guidance for the Keymate platform.

Usage metrics and summary signal views on the Admin Console Dashboard.

Service-to-gateway gRPC authorization flows for permission checks from platform services

Test Admin Console API endpoints with custom headers, scopes, and request parameters using the built-in API tester

Browse and inspect authorization model schemas, resource definitions, and API surfaces using the Admin Console API Explorer

How Keymate classifies enforcement points as verified or unverified based on identity trust, and how this classification affects authorization behavior.

WASM-based policy enforcement in Istio / Envoy

Target personas and operating model fit for Keymate

Why Keymate provides a dedicated admin console experience separate from Keycloak's native administration interface.

Debugging authorization denial reasoning using policy evaluation traces

Screen-based navigation and task-based management workflows in the Admin Console.

Guide for authoring access rules using the AccessRuleSet DSL to configure token exchange and resource resolution in the Access Gateway.