Identity and Access Management
The platform's IAM system provides authentication, role-based access control, API keys, and service accounts for secure multi-tenant operations.
The platform's Identity and Access Management (IAM) system controls who can access what. It covers authentication (verifying identity), authorization (checking permissions), and account management.
Key components
| Component | Purpose |
|---|---|
| Accounts | User and service identities |
| Organizations | Tenant boundaries with membership |
| Roles | Named sets of permissions |
| Permissions | Granular resource:action rights |
| API keys | Programmatic access tokens |
| Service accounts | Automated identities for apps and agents |
Identity provider
The platform uses Zitadel as its identity provider. Zitadel handles:
- User registration and login
- Password management and recovery
- Session management and token issuance
- Service account creation
- OIDC-compliant authentication flows
All authentication goes through Zitadel, and the platform receives verified identity tokens.
Access control model
```text
Account
  → assigned to Organization (with a Role)
    → Role contains Permissions
      → Permissions grant access to resources and operations
```
Every API request is authenticated and authorized:
- The request includes an access token
- The token is verified and the account is identified
- The account's role within the current organization is resolved
- The requested operation is checked against the role's permissions
- Access is granted or denied
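The five steps above, modelled end to end as an added example written for this page (it is not the platform's own code). It assumes an HMAC-signed demo token format in place of the OIDC tokens Zitadel issues, invents the claim names `sub` and `exp`, and uses constructed sample roles, organizations and memberships; only the flow (verify token, identify account, resolve the role for the current organization, check `resource:action` against the role) is taken from the text. Note that the same account gets a different role in each organization it belongs to, and that a request for an organization the account is not a member of is denied before any permission check.

```python
"""Added example of the request authorization pipeline described above.
Illustrative only: the token format, claim names and sample data are
assumptions, not the platform's implementation."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Assumed shared secret for the demo token. A real deployment verifies the
# OIDC tokens issued by Zitadel against the provider's published keys instead.
SIGNING_KEY = b"demo-signing-key-not-for-production"

# Constructed sample data: roles are named sets of "resource:action" rights,
# and memberships map (organization, account) -> role.
ROLES = {
    "admin": {"calls:read", "calls:write", "numbers:read", "numbers:write", "members:write"},
    "operator": {"calls:read", "calls:write", "numbers:read"},
    "viewer": {"calls:read", "numbers:read"},
}
MEMBERSHIPS = {
    ("org_acme", "acct_alice"): "admin",
    ("org_acme", "svc_dialer"): "operator",   # a service account
    ("org_globex", "acct_alice"): "viewer",   # same user, different org, lower role
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(account: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Mint a demo access token: base64(payload).base64(HMAC-SHA256(payload))."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": account, "exp": int(now + ttl)},
                         separators=(",", ":")).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Steps 1-2: check signature and expiry; return the account id, or None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except ValueError:  # malformed token or bad base64
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def authorize(token: str, org: str, resource: str, action: str,
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Steps 1-5: return (allowed, reason) for one request."""
    account = verify_token(token, now)
    if account is None:
        return False, "invalid or expired token"
    role = MEMBERSHIPS.get((org, account))  # step 3: role within *this* org
    if role is None:
        return False, f"{account} is not a member of {org}"
    right = f"{resource}:{action}"
    if right not in ROLES.get(role, set()):  # step 4: role must hold the right
        return False, f"role {role} lacks {right}"
    return True, f"{account} as {role} in {org}"


if __name__ == "__main__":
    tok = issue_token("acct_alice")
    print(authorize(tok, "org_acme", "members", "write"))    # allowed: admin there
    print(authorize(tok, "org_globex", "members", "write"))  # denied: only viewer there
    print(authorize(tok, "org_initech", "calls", "read"))    # denied: not a member
    print(authorize(tok + "x", "org_acme", "calls", "read")) # denied: bad signature
```

The role is looked up per organization rather than per account, which is what makes the organization a tenant boundary: a permission granted in one organization says nothing about another.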
In this section
- Authentication — how users and services authenticate
- Roles and Permissions — configuring access control
- API Keys — programmatic access tokens