Identity Examples
Why This Exists
This document provides realistic examples of Identity Domain behavior in Algosure.
Owner
The owner is the Chief Product Officer and Enterprise Architect.
Business Value
Examples show how Identity protects tenant boundaries, supports collaboration, and enforces subscription-aware access.
Example 1: User Joins An Organization
An organization admin invites a colleague to join the organization. Identity creates an invitation scoped to OrganizationId and proposed roles. Notification delivers the invitation. When accepted, Identity creates membership and role assignment.
Business value: team access is controlled and auditable.
Example 2: Cross-Tenant Access Denied
A user has access to Organization A and attempts to open a bid workspace belonging to Organization B. Identity evaluates membership and tenant boundary, then denies access.
Business value: tenant isolation protects customer data.
Example 3: Billing Entitlement Restricts Feature
A Free plan user attempts to create a feature gated by a paid plan. Billing owns entitlement state. Identity requests or receives the entitlement signal and denies the action with an upgrade-required reason.
Business value: commercial access is enforced without duplicating billing facts.
Example 4: API Key For Integration
An organization creates an API key for a limited integration. Identity stores only the key hash, scopes it to OrganizationId and allowed actions, records last-used metadata, and allows revocation.
Business value: programmatic access is controlled and reversible.
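The API key lifecycle in Example 4, sketched as an added illustration (not Algosure's own code): the store keeps only a hash of the secret, binds the key to one OrganizationId and a set of allowed actions, records last-used time, and supports revocation. The class names, field names, reason strings and action names such as `bids:read` are hypothetical.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass
from typing import Optional

@dataclass
class ApiKeyRecord:                 # hypothetical record shape, not Algosure's schema
    key_id: str
    key_hash: bytes                 # only the hash is persisted, never the secret
    organization_id: str
    allowed_actions: frozenset
    last_used_at: Optional[float] = None
    revoked: bool = False

class ApiKeyStore:
    def __init__(self):
        self._records = {}

    def create(self, organization_id, allowed_actions):
        key_id = secrets.token_hex(8)
        # 256 bits of randomness: an unsalted SHA-256 is adequate for a
        # high-entropy machine secret (unlike a human-chosen password).
        secret = secrets.token_urlsafe(32)
        self._records[key_id] = ApiKeyRecord(
            key_id, hashlib.sha256(secret.encode()).digest(),
            organization_id, frozenset(allowed_actions))
        return f"{key_id}.{secret}"  # returned to the caller once, not stored

    def authorize(self, presented, organization_id, action):
        key_id, _, secret = presented.partition(".")
        rec = self._records.get(key_id)
        if rec is None:
            return False, "unknown_key"
        digest = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(digest, rec.key_hash):  # constant-time compare
            return False, "bad_secret"
        if rec.revoked:
            return False, "revoked"
        if rec.organization_id != organization_id:         # tenant boundary
            return False, "tenant_mismatch"
        if action not in rec.allowed_actions:              # scope check
            return False, "action_not_allowed"
        rec.last_used_at = time.time()                     # last-used metadata
        return True, "ok"

    def revoke(self, key_id):
        self._records[key_id].revoked = True
```

Because the key identifier travels with the secret, revocation and lookup work without ever recovering the secret from storage.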
Example 5: MFA For High-Risk Action
A user tries to change role assignments. Identity evaluates risk and requires an MFA challenge before allowing the action.
Business value: sensitive access changes get stronger protection.
Example 6: Future Keycloak Sign-In
Keycloak may authenticate a user and provide an identity provider subject. Identity links that subject to an Algosure User Account, evaluates organization membership, and makes authorization decisions.
Business value: implementation flexibility is preserved while Algosure keeps ownership of its access model.