Auth Service Overview
Auth Service is the platform service for identity validation, role-based access control, API keys, service accounts, and signing keys used by Governance Platform workflows.
Users normally interact with Auth Service through Governance Studio sign-in, membership management, and API key workflows. Operators and integrators interact with it when configuring identity providers, service accounts, token handling, or key management.
What Auth Service Owns
Section titled “What Auth Service Owns”- Validation of user identity from the configured identity provider.
- Organization and project membership.
- Role and permission checks for platform services.
- User API key lifecycle.
- Service-account token workflows for platform integrations.
- DID key management and signing support.
- Token exchange support for Keycloak and Microsoft Entra deployments.
What Auth Service Does Not Replace
Section titled “What Auth Service Does Not Replace”Auth Service does not replace the customer identity provider. The identity provider remains the source for user sign-in. Auth Service enriches platform requests with roles, permissions, memberships, and platform-specific keys.
Supported Identity Provider Modes
Section titled “Supported Identity Provider Modes”Auth Service supports Keycloak, Auth0, Microsoft Entra, and generic OIDC-capable provider configuration. The deployment chart documents Auth0, Microsoft Entra, and Keycloak as customer deployment choices.
Token exchange and Auth Service-issued refresh tokens are available only for Keycloak and Microsoft Entra deployments. Auth0 and generic OIDC deployments rely on provider-issued tokens for user authentication.