Console

Configure access policies, identity, and access control for your Keycard deployment.

Without centralized policy, teams fall back to approving every action manually or letting agents run unchecked. Console is where you replace that tradeoff with rules that enforce themselves. Author them in versioned sets, roll back to any previous state.

With Console, you can:

Write permit/forbid policies that evaluate every request, with safe rollback to any previous version
Bring your own IdP so users authenticate through Okta, Auth0, or Google
Assign roles scoped to the organization or individual zones
Add Gmail, GitHub, Slack, and other APIs from the Resource Catalog
Install pre-configured MCP servers from the MCP Catalog, protected by your zone’s identity and policy layer
Gate Console access behind your corporate SSO

Get Started

GET STARTED

Set up your identity provider, from app creation to first login.

Use Okta for Sign InCreate an Okta application and configure it as a provider in your Keycard zone

Use Auth0 for Sign InCreate an Auth0 application and configure it as a provider in your Keycard zone

Reference

CONFIGURATION

Each area of Console with setup steps and examples.

Access PoliciesIndividual permit/forbid rules and policy sets that control access across a zone

Identity ProvidersConnect your own OAuth 2.0 IdP for zone-level user authentication

Zone AuthenticationConfiguring zone authentication, inviting users, sign up, and troubleshooting

Roles & PermissionsOrganization and zone roles that control who can manage settings and resources

Single Sign-OnOIDC-based SSO for your team’s access to Keycard Console, with JIT provisioning

Resource CatalogPre-configured integrations for Gmail, GitHub, Slack, and more, ready to add to your zone

MCP CatalogInstall pre-configured MCP servers into Cursor, Claude Code, or any MCP client, protected by the Keycard MCP Gateway

API Reference Terraform