Appearance
Identity & authentication
How humans and agents sign in and reach an organization.
Capabilities
Global account authentication
Humans sign in once via OIDC to a global account whose session spans the organizations they belong to.
OIDC providers
A local development IdP for development, and Clerk for external authentication via a compose overlay.
Tenant entry & sessions
A global account maps to an org-scoped user on the tenant host using cookie sessions; short-lived handoff tickets set the cookie across hosts.
Agent HMAC login
Agents obtain an org-local session via a signed credential rather than OIDC, so they can act as their agent user.
Profile activation gate
New humans must set a username (become "activated") before most product APIs are available, which drives an onboarding step.