ADR-012: User Authentication Strategy
[SUPERSEDED by ADR-016 and ADR-017] Dual-mode auth — GitHub OAuth with org-gate for internal admins, email magic link with whitelist for early clients
Pick a persistent store for delegated_agent audit log entries. Recommend Grafana Cloud Loki (already adopted by ADR-019, free at pilot scale) for general-purpose audit retention, with a small Mongo audit_logs collection reserved only for the customer-facing 'who did what' query surface once a tenant asks for one.
Target authentication architecture for SecurityV0 — portal UI, API, and infrastructure access. Three IdPs (GitHub at L1 perimeter, WorkOS at L2 application, Entra at L3 Azure RBAC), four SSH tiers including a narrow Tier-1.5 emergency key, an Active subscription-Owner Entra account (no PIM, no backup SP — 2nd-human-Owner is the rollback) with Security Defaults MFA-on-sign-in.
Design patterns for recovery service principals — lessons from the 2026-05-13 cancelled sv0-azure-backup-owner SP. Reference for the NEXT time a recovery SP is genuinely warranted.