📄️ IAM Service
The IAM (Identity and Access Management) service is a foundational component within the Citadel platform, primarily serving as a Policy and Claims Enrichment Engine. It provides administrative APIs for managing Citadel-specific authorization policies and enriches user claims from an upstream Identity Provider (IdP) for consumption by other services.
📄️ IAM Service: Component Breakdown
This document provides a deep dive into the internal architecture of the iam-service, following the principles of Domain-Driven Design (DDD) and Clean Architecture as established in ADR 0001: Standardized Service Layout. It breaks down the components and their interactions for key use cases, serving as a blueprint for developers.
📄️ IAM API Reference
📄️ Attribute Validation
The IAM service utilizes a dynamic attribute validation system to ensure identity attributes conform to defined standards. This is implemented via the YAMLSchemaValidator.
📄️ Policy Evaluation
The IAM service includes an internal policy evaluator that allows administrators to define fine-grained access control rules using the Common Expression Language (CEL).
🗃️ ADRs
6 items
📄️ IAM Service: Core API Workflows
This guide walks you through the fundamental API workflows for the iam-service. It assumes you have a running local environment as described in the Getting Started guide.
📄️ Runbook: iam-service
This document provides operational guidance for the iam-service. It is intended for on-call engineers and system administrators responsible for maintaining the service's health.