Auth, Security & SSO
JWT-based authentication, role-based access control, and single sign-on via Keycloak and any OAuth 2.0-compliant identity provider. Multi-tenant isolation enforced at the ORM layer.
Identity you already trust, integrated
Stop maintaining a separate auth stack. Connect Keycloak or any OAuth 2.0 provider and Endatix maps identity claims to roles automatically. RBAC rules apply at query time, not just at the route level.
- JWT access tokens with configurable expiry
- RBAC with tenant-scoped permission enforcement
- SSO via Keycloak — federate LDAP, AD, or OIDC providers
- Email verification token flow included
- reCAPTCHA support on public-facing form endpoints
- Multi-tenant data isolation enforced at EF Core query layer
Security from the ground up
Every layer of the stack participates in access control — not just the router.
JWT Bearer Tokens
Stateless, signed JWT tokens for all API consumers. Short-lived access tokens with refresh-token rotation keep sessions secure.
Role-Based Access Control
Fine-grained RBAC controls which users can view, create, or manage forms and submissions within each tenant.
SSO via Keycloak
Drop in a Keycloak realm and federate authentication with your existing identity provider — LDAP, Active Directory, or any OIDC-compliant IdP.
OAuth 2.0
Any OAuth 2.0-compliant identity provider works out of the box. Configure client credentials or authorization-code flows per environment.
Email Verification
Built-in email verification token flow for self-registration scenarios, with configurable expiry and resend throttling.
Tenant Isolation
All auth checks are tenant-scoped at the ORM layer — a token granted in tenant A cannot read or write data in tenant B.
Plug in your identity provider and ship.
No custom auth plumbing required. Connect your IdP and let Endatix handle the rest.
Talk to an engineerPlug in your identity provider and ship.
No custom auth plumbing required. Connect your IdP and let Endatix handle the rest.
Talk to an engineer