Get Started

Core Concepts

3 min read·Updated May 7, 2026

Seven words and you have the whole vocabulary:

organization · application · tenant · user · role · provider · Authaz Sign-In

Organization                   ← your company
└── Application                ← a product you ship
    ├── Providers              ← how users sign in
    ├── Users                  ← who signs in
    ├── Roles                  ← what they can do
    ├── Tenants  (optional)    ← your customers' workspaces
    └── Branding               ← logo, colors, domain

Organization#

Your company. One per Authaz customer. Owns billing, team members, and every application.

You don't pass an organization ID when calling the API — your API key (or JWT) already belongs to one, and Authaz scopes everything automatically.

Application#

A product you ship. Each application is independent: its own users, providers, roles, branding, custom domain, API keys.

curl -X POST https://your-app.authaz.io/api/v1/applications \
  -H "X-API-Key: $AUTHAZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d


Single-tenant	One user pool. Right for B2C and internal tools.
Shared-pool multi-tenant	Users belong to many tenants. Roles scoped per tenant. Right for products with cross-workspace identity.
Isolated-pool multi-tenant	Each tenant has a separate user pool. No cross-tenant identity possible. Right for regulated industries.


Password	Email + password. Optional MFA.
OAuth / Social	Google, Microsoft, GitHub, Apple.
Magic Link	Passwordless — code emailed on demand.
Passkey	WebAuthn / FIDO2. Biometrics or security keys.
SAML SSO	Enterprise IdPs. SP mode.
Machine-to-Machine	OAuth client credentials.
API Keys	Long-lived keys for customer integrations.

Core Concepts

Organization#

Application#

Tenancy#

Providers#

Users#

Roles#

Next#

Organization#

Application#

Tenancy#

Providers#

Users#

Roles#

Authaz Sign-In#

Next#