Version: v5.0

Passport Service overview

Use the Passport Service to manage resource permissions, authorizations, and authentication on the platform. The Passport Service is a repository for any permissions on the platform and enables you to manage the following resources:

  • User accounts
  • User groups
  • Workspaces
  • Namespaces
  • Applications

Figure: Passport Service components

Grouping resources with namespaces

Resources such as Applications, Workspaces, and UserGroups are namespace providers, which means that a namespace is created along with the resource. Namespaces serve as a reference point for all resources lower in the resource hierarchy.

Use namespaces to group resources for Users, UserGroups, Workspaces, Projects, Applications, and Organizations.

Platform roles

Platform roles are preconfigured system UserGroups that define who can create and interact with hierarchical namespace provider resources, and at what permission level. For example, an Application has Application Owner and Application Developer roles, each with different levels of resource access and resource management. One level up the namespace provider hierarchy, an Organization owner can onboard and manage multiple Applications.

Authentication

The Passport Service also works with the Identity Service or any other third-party SAML 2 identity provider to support the authentication of user accounts.

Metrics Service

The Passport Service includes a Metrics Service feature, introduced in Platform version 4.4. This feature can record system events related to the Passport Service and provide insight into the usage of a range of system resources.

To learn more about this new service, refer to Metrics Service overview.

API

To interface with the Passport Service, use the IafPassSvc JavaScript platform API and the Passport Service REST API.