Reference for how authentication, users, tenants, and per-tenant configuration work in sv0-platform. For the operational end-to-end flow, see [Authentication, end-to-end](../runbooks/authentication-end-to-end.md).
Adopt a B2B multi-tenant authentication architecture with an external identity provider as source of truth, URL-scoped tenants, SecurityV0 as its own organization, and cross-tenant super-admins via internal-org membership.
Minimal Azure permissions required to run the Foundry connector pilot
Plan to implement dual-mode user authentication for sv0-platform (GitHub OAuth for admins, email magic link for clients), replacing the REQUIRE_AUTH=false production bypass per ADR-012.