
Introduction

The IAM (Identity & Access Management) system in PLTFRMS is the central layer for authentication, authorization, and identity control across the platform.

It is a fully in-house IAM solution, built to be both:

  • The internal identity backbone of PLTFRMS
  • A full IAM product for external customers, comparable to solutions like Auth0

It is designed around industry standards such as OpenID Connect and OAuth2, while extending them with PLTFRMS-native concepts like organisations and realms.


What is IAM?

IAM is responsible for controlling:

  • Who can access systems and applications
  • What they are allowed to do
  • In which context they operate (organisation, realm, or environment)

Every request across PLTFRMS is ultimately validated and authorized through IAM.


Internal and external usage

IAM is used in two main ways:

Internal platform identity layer

Within PLTFRMS, IAM is the foundation for:

  • Service authentication
  • Internal user access
  • Cross-product authorization
  • Administrative access control

All PLTFRMS products rely on IAM as their identity source.

External IAM product

IAM is also offered as a standalone product to customers.

This allows organisations to:

  • Manage their own users and access control
  • Integrate IAM into their applications
  • Replace or extend existing identity providers

In this sense, IAM acts as a full alternative to products such as Auth0, Okta, and similar IAM providers.


Standards-based, platform-native

IAM is built on open identity standards, including:

  • OpenID Connect for authentication flows
  • OAuth2 for authorization and delegated access

These standards ensure interoperability with external systems, while PLTFRMS-specific extensions provide deeper platform integration.


Realms: multi-tenant identity at scale

A core concept in IAM is the Realm.

Realms allow customers to create fully isolated identity environments within IAM.

Each realm can contain:

  • Users
  • Groups
  • Roles and permissions
  • Applications and integrations
  • Custom configuration and policies

This enables true multi-tenancy, where each organisation or customer can operate independently within the same IAM system.


Security-first design

IAM is built with security as a primary principle.

It includes:

  • Secure token-based authentication
  • Fine-grained authorization using roles and permissions
  • Centralised session and identity management
  • Full auditability of identity-related actions

All access decisions are enforced consistently across the platform.


Hosted and integrated identity flows

IAM supports flexible integration models:

  • Hosted login — authentication flows fully managed by PLTFRMS
  • Embedded flows — direct integration into customer applications
  • API-driven identity management — for automation and provisioning

This allows IAM to adapt to both simple and highly complex identity setups.


Why IAM matters

IAM is the foundation of trust and access within PLTFRMS.

It ensures that:

  • Access is consistently controlled across all products
  • Customers can manage their own identity infrastructure
  • The platform remains secure, scalable, and multi-tenant
  • External systems can integrate using open standards

In short: IAM is both the internal security backbone of PLTFRMS and a full-featured identity platform for external use.