Users
Overview of users within the Keycard platform.
Users are people who access protected resources, either directly or by delegating access to applications and agents that act on their behalf.
Credentials
Users authenticate to a zone using credentials, including passwords and passkeys, or through single sign-on (SSO) via their identity provider (IdP).
Passwords
Keycard supports issuing passwords to users. A password is a secret shared between Keycard (where it is stored in secure hashed format) and the user, who is responsible for keeping it secret.
Passwords and other zone-specific credentials are appropriate when no user identity system is already in place, and when supporting users who prefer to create accounts rather than sign in via SSO or social login.
Federated
Keycard supports federated credentials, whereby a user logs in via SSO or social login.
In enterprise scenarios, the corporate IdP can be used for employee SSO. Keycard supports Okta, Microsoft Entra, or any provider that implements standard protocols, including OpenID Connect and SAML.
In consumer scenarios, people can sign in using their existing accounts at Google, Apple, or a social network. This is often referred to as social login, and uses the same underlying protocols, including OpenID Connect, OAuth, and SAML.
Registration
Keycard supports private and public modes for user registration.
Private
In private mode, users must be explicitly invited via their email address by an administrator or have a pre-existing account at a configured IdP. This is necessary for internal or private domains such as a company, organization, or family.
Public
In public mode, users are free to create accounts or sign in using any configured identity provider. This is useful when providing a product or service to the general public.