Identity & Access Platform

This page describes the ConnectSoft Identity & Access Platform — a production-ready OpenID Connect server and identity management solution for multi-tenant SaaS. It is written for product managers, architects, and teams evaluating identity solutions.

The Identity Platform provides a complete identity and access management solution built on industry standards, designed for multi-tenant SaaS applications with support for B2B and B2C scenarios.

Tip

The Identity Platform is built by the Factory and serves as a reference implementation of our microservice template patterns. Customers can use it directly or generate custom identity services using the Factory.

What This Platform Does

The Identity Platform provides:

  • OpenID Connect / OAuth2 Authorization Server - Standards-based authentication and authorization
  • Multi-Tenant Identity Management - Tenant isolation, user management, and tenant-specific policies
  • External Identity Provider Federation - Connect with Azure AD, Google, GitHub, and other providers
  • API Token Management - Service-to-service authentication and API access control
  • Edition-Based Features - Different capabilities per tenant based on subscription tier

Core Features

  • OpenID Connect / OAuth2 - Full support for authorization code, client credentials, and resource owner password flows
  • Multi-Tenancy - Complete tenant isolation with per-tenant user stores and policies
  • User Management - User registration, password reset, email verification, profile management
  • Role-Based Access Control (RBAC) - Roles and permissions scoped to tenants
  • External Identity Providers - Federation with Azure AD, Google, GitHub, and custom providers
  • API Tokens - Long-lived tokens for service-to-service authentication
  • Audit Logging - Complete audit trail of authentication and authorization events
  • Edition Management - Feature flags and capabilities based on subscription tier
  • Health Checks - Built-in health endpoints for monitoring and load balancing
  • Observability - Distributed tracing, metrics, and structured logging

Typical Integrations

Microservices

  • Microservices authenticate users via OIDC/OAuth2
  • Service-to-service authentication using client credentials flow
  • Token validation and introspection endpoints

External Identity Providers

  • Azure AD / Entra ID for enterprise SSO
  • Google Sign-In for B2C scenarios
  • GitHub OAuth for developer tools
  • Custom SAML/OIDC providers

API Gateways

  • Token validation at the gateway
  • User context propagation to downstream services
  • Rate limiting and access control

Frontend Applications

  • Web applications using authorization code flow with PKCE
  • Mobile apps using device flow or authorization code flow
  • Single-page applications (SPAs) with implicit or authorization code flow

Ideal Use Cases

  • Centralized Auth for SaaS Products - Single identity platform serving multiple SaaS applications
  • B2B Tenant Onboarding - Self-service tenant creation and user management
  • API Authentication - Service-to-service and API access control
  • Federation Hub - Central identity provider connecting to multiple external IdPs
  • Multi-Product Identity - Shared identity across multiple ConnectSoft platforms

SaaS Consumers by Cycle

The Identity Platform is a foundational Core Platform service consumed by all ConnectSoft SaaS products across all cycles.

Cycle 1: AI Factory SaaS

  • AI Factory SaaS uses Identity Platform for tenant onboarding, user management, and API authentication
  • All Factory-generated projects authenticate via Identity Platform
  • Factory console users authenticate through Identity Platform

Cycle 2: Horizontal SaaS

  • Digital Marketing Hub - User authentication for campaign managers and marketers
  • Short Links Platform - User authentication for link creators and administrators
  • Workflow Orchestrator - Service-to-service authentication for workflow execution
  • Headless CMS - User authentication for content editors and administrators
  • CRM / Contacts Hub - User authentication for sales teams and account managers

Cycle 3: AI & First Vertical

  • AI Bot Framework - User authentication for bot interactions and bot administrators
  • AI Marketing Copilot - User authentication integrated with Digital Marketing Hub
  • Digital Forms SaaS - User authentication for form creators, respondents, and approvers
  • Insurance Suite - Multi-tenant user management for insurance workflows, agents, and customers

Cycle 4: Marketplaces & Ecosystem

  • All marketplace products use Identity Platform for user authentication
  • Integration Platform - Service-to-service authentication for connectors and integrations
  • Support & Self-Service Platform - User authentication for support agents and customers
  • Vertical suites (AdTech, HR) - User authentication across all vertical products

Relationship to the Factory

The Identity Platform demonstrates what the Factory can produce:

  • Built by the Factory - The Identity Platform was generated using the Factory's microservice template
  • Reference Implementation - Shows best practices for multi-tenant SaaS, DDD, and event-driven architecture
  • Customizable via Factory - Customers can generate custom identity services with specific requirements
  • Template Source - Identity patterns are available as templates for Factory users

Note

Customers can use the Identity Platform as-is, or use the Factory to generate custom identity services tailored to their specific needs. The Factory includes identity-related templates and patterns.