IAM
Identity and access management for humans and agents
What it does
A single identity primitive for every principal — human users, Fundi agents, and trusted integrations. Roles and permissions defined once in IAM are projected uniformly into every IOBOXX project, so a grant given in one place enforces everywhere. Keycloak under the hood; OAuth2 / OIDC at the edge; capability-style grants per twin.
IAM is the identity primitive every other IOBOXX product reads through. Object Store checks IAM grants before any reducer fires. Connect builds organisations and memberships on top of IAM principals. Studio inherits IAM roles for every app it generates. Memory calls from MCP-aware agents carry IAM-issued tokens.
Key features
- Same primitive for humans + Fundi (agent) identity
- Roles and permissions projected across all projects
- Capability grants per twin — directional, revocable, audited
How it works
Keycloak handles the identity store, federation, and OAuth2 / OIDC at the edge. Grants are modelled as capabilities issued per twin: directional, revocable, and recorded in the deterministic commitlog so every authorisation decision is auditable after the fact.
- Authorization architecture — the capability-grant model in depth.
- Architecture overview — where IAM sits in the 19-component substrate.
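To make "directional, revocable, audited" concrete, here is a small replay model, added as an illustration and not IOBOXX or Keycloak code. The event fields, the `GrantLog` class, the principal and twin names, and the reading of "directional" as "a grant from a subject to a twin implies nothing in the reverse direction" are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:            # hypothetical event shape, not the product's schema
    seq: int            # position in the append-only log
    kind: str           # "grant" or "revoke"
    issuer: str         # who wrote the event (kept for audit, not checked here)
    subject: str        # principal holding the capability
    twin: str           # twin the capability is scoped to
    action: str         # e.g. "read", "write"

class GrantLog:
    """Append-only log; authorisation state is derived only by replaying it."""
    def __init__(self):
        self._events = []

    def append(self, kind, issuer, subject, twin, action):
        if kind not in ("grant", "revoke"):
            raise ValueError(f"unknown event kind: {kind}")
        ev = Event(len(self._events) + 1, kind, issuer, subject, twin, action)
        self._events.append(ev)
        return ev.seq

    def decide(self, subject, twin, action, at_seq=None):
        """Replay up to at_seq and return (allowed, seq of the deciding event)."""
        allowed, deciding = False, None          # default deny
        for ev in self._events:
            if at_seq is not None and ev.seq > at_seq:
                break
            # Exact (subject, twin, action) match only: the reverse direction
            # and other actions are never implied by a grant.
            if (ev.subject, ev.twin, ev.action) == (subject, twin, action):
                allowed, deciding = ev.kind == "grant", ev.seq
        return allowed, deciding

def build_sample_log():
    """Constructed sample data: one agent grant that is later revoked."""
    log = GrantLog()
    log.append("grant", "user:alice", "agent:fundi-1", "twin:pump-7", "read")   # seq 1
    log.append("grant", "user:alice", "user:bob", "twin:pump-7", "write")       # seq 2
    log.append("revoke", "user:alice", "agent:fundi-1", "twin:pump-7", "read")  # seq 3
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print("now:     ", log.decide("agent:fundi-1", "twin:pump-7", "read"))
    print("at seq 2:", log.decide("agent:fundi-1", "twin:pump-7", "read", at_seq=2))
```

Because the same log prefix always replays to the same answer, an auditor can ask what the decision was at any past sequence number and which event caused it.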
Try it
Self-host the AGPL-3.0 core and point Keycloak at your existing identity provider — see the quickstart.