947 B
947 B
Self-Hosted Auth Manager
Centralize authentication and authorization for self-hosted services using consistent SSO and OAuth policies.
Problem
Self-hosted stacks often accumulate fragmented login systems, creating security gaps and admin overhead.
Core capabilities
- Unified identity provider for internal tools.
- Role and group mapping across services like Gitea, dashboards, and admin panels.
- MFA enforcement and session policy controls.
- Audit logs for access events and permission changes.
MVP scope
- Deploy with one identity backend and two relying-party integrations.
- Define baseline role model and default access policies.
- Add admin UI for user lifecycle management.
Success criteria
- Fewer account management tasks across services.
- Improved access consistency and security posture.
Stretch ideas
- Just-in-time privileged access workflows.
- Risk-based auth prompts based on context and device posture.