Role: Identity & Access

Purpose: Provide secure, centralized, and user-friendly authentication and authorization across all infrastructure services.

Responsibilities:

  • Maintain a centralized Identity Provider (IdP) for accounts, groups, and multi-factor authentication (MFA).
  • Implement Single Sign-On (SSO) to provide a unified login experience.
  • Manage granular authorization policies for resource access.
  • Handle session management, including timeouts and credential revocation.

Guarantees:

  • A unified login experience is provided across all supported services.
  • Multi-factor authentication is enforced for sensitive and external access.
  • Unauthorized access attempts are blocked at the identity layer.

Out of Scope:

  • Network-level access control (VPN/Firewall boundaries).
  • Application-specific business logic authorization.
  • Management of physical access tokens or hardware keys.