ADR-008: Authentication and RBAC via OIDC/SAML
- Status: Accepted
- Date: 2026-02-07
Context
The platform is multi-tenant and must integrate with enterprise identity providers while enforcing granular permissions.
Decision
Use OIDC for authentication, with optional SAML support, and enforce role-based access control (RBAC) scoped to tenant, org, and project.
Consequences
- Enterprise SSO support is available from day one.
- The RBAC policy engine must be enforced consistently at every boundary.
- Requires clear role design and audit logging.
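Added illustration (not part of this ADR or the platform's code) of the scoped RBAC check the decision calls for: role bindings held at tenant, org or project scope, evaluated deny-by-default against a fully scoped request, with no binding ever crossing a tenant boundary. Role names, permission strings and the sample bindings are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumed role catalogue: each role maps to an explicit permission set.
ROLE_PERMISSIONS = {
    "viewer": {"project:read"},
    "editor": {"project:read", "project:write"},
    "org_admin": {"project:read", "project:write", "org:manage"},
}

@dataclass(frozen=True)
class Scope:
    """Binding or request scope; org/project are None for wider scopes."""
    tenant: str
    org: Optional[str] = None
    project: Optional[str] = None

    def contains(self, requested: "Scope") -> bool:
        """True if this binding scope covers the requested scope.
        Tenant-wide covers every org/project in that tenant, org-wide
        covers every project in that org, project covers only itself.
        A tenant mismatch always fails, so tenants never overlap."""
        if self.tenant != requested.tenant:
            return False
        if self.org is not None and self.org != requested.org:
            return False
        if self.project is not None and self.project != requested.project:
            return False
        return True

@dataclass(frozen=True)
class Binding:
    subject: str  # OIDC 'sub' claim (or SAML NameID) of the principal
    role: str
    scope: Scope

def is_allowed(bindings: Iterable[Binding], subject: str,
               permission: str, requested: Scope) -> bool:
    """Deny by default: allow only if some binding for this subject grants
    the permission through a role at a scope containing the request."""
    for b in bindings:
        if b.subject != subject:
            continue
        if permission not in ROLE_PERMISSIONS.get(b.role, set()):
            continue  # unknown roles grant nothing
        if b.scope.contains(requested):
            return True
    return False

# Constructed sample bindings for demonstration only.
SAMPLE_BINDINGS = [
    Binding("alice", "org_admin", Scope("tenant-a", "org-1")),
    Binding("bob", "viewer", Scope("tenant-a", "org-1", "proj-x")),
    Binding("carol", "editor", Scope("tenant-b")),
]
```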