Skip to content

Auth Service Overview

Auth Service is the platform service for identity validation, role-based access control, API keys, service accounts, and signing keys used by Governance Platform workflows.

Users normally interact with Auth Service through Governance Studio sign-in, membership management, and API key workflows. Operators and integrators interact with it when configuring identity providers, service accounts, token handling, or key management.

  • Validation of user identity from the configured identity provider.
  • Organization and project membership.
  • Role and permission checks for platform services.
  • User API key lifecycle.
  • Service-account token workflows for platform integrations.
  • DID key management and signing support.
  • Token exchange support for Keycloak and Microsoft Entra deployments.

Auth Service does not replace the customer identity provider. The identity provider remains the source for user sign-in. Auth Service enriches platform requests with roles, permissions, memberships, and platform-specific keys.

Auth Service supports Keycloak, Auth0, Microsoft Entra, and generic OIDC-capable provider configuration. The deployment chart documents Auth0, Microsoft Entra, and Keycloak as customer deployment choices.

Token exchange and Auth Service-issued refresh tokens are available only for Keycloak and Microsoft Entra deployments. Auth0 and generic OIDC deployments rely on provider-issued tokens for user authentication.