Identity, Auth, Access & Security

Category 2 of 30 in the ConnectSoft SaaS Ecosystem Catalog (items 51-100). This is the lightweight browse layer: a one-line description plus status / cycle / wave / tier tag for every candidate. For capability grouping, bounded contexts, aggregates, APIs, events, and MVP scope, see the deep-dive analysis.

• Group: core
• Primary bounded context: Identity & Access
• Default wave / cycle: Phase 1 · Core Platform Wave

Note

Tags read Status · Cycle · Wave · Tier. Documented / Live items link to their existing platform pages; Planned items are catalog candidates.

Services

1. Identity Server — Microservice candidate in the Identity & Access context. (Live · Core Platform Wave · Phase 1 · Tier 0 · docs)

2. OpenID Connect Provider — Capability module inside its bounded-context service in the Identity & Access context. (Live · Core Platform Wave · Phase 1 · Tier 0 · docs)

3. OAuth2 Authorization Server — Microservice candidate in the Identity & Access context. (Live · Core Platform Wave · Phase 1 · Tier 0 · docs)

4. User Account Service — Capability module inside its bounded-context service in the Identity & Access context. (Live · Core Platform Wave · Phase 1 · Tier 0 · docs)

5. User Profile Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

6. User Registration Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

7. Login Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

8. Password Management Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

9. Passwordless Login Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

10. Magic Link Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

11. MFA Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

12. TOTP Authenticator Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

13. SMS OTP Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

14. Email OTP Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

15. WebAuthn / Passkey Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

16. Device Trust Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

17. Session Management Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

18. Token Issuance Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

19. Token Introspection Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

20. Token Revocation Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

21. Refresh Token Rotation Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

22. API Key Management Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

23. Personal Access Token Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

24. Service Account Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

25. Machine-to-Machine Auth Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

26. OAuth Client Registry — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

27. Consent Management Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

28. Identity Federation Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

29. SAML SSO Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

30. SCIM Provisioning Service — Microservice candidate in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

31. Directory Sync Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

32. Role Management Service — Capability module inside its bounded-context service in the Identity & Access context. (Documented · Core Platform Wave · Phase 1 · Tier 0 · docs)

33. Permission Management Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

34. RBAC Policy Service — Capability module inside its bounded-context service in the Identity & Access context. (Documented · Core Platform Wave · Phase 1 · Tier 0 · docs)

35. ABAC Policy Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

36. Policy Decision Point — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

37. Policy Enforcement Point — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

38. Fine-Grained Authorization Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

39. Resource ACL Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

40. Delegated Access Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

41. Support Impersonation Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

42. Break-Glass Admin Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

43. Access Review Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

44. Privileged Access Management — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

45. Workload Identity Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

46. mTLS Identity Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

47. Certificate Management Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

48. Key Rotation Service — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

49. Security Event Stream — Capability module inside its bounded-context service in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

50. Zero Trust Access Gateway — Microservice candidate in the Identity & Access context. (Planned · Core Platform Wave · Phase 1 · Tier 0)

Related

• Deep-dive analysis
• Master service catalog
• Bounded-context map
• Implementation waves