Entities

AuthHero manages several core entities, organized into three domains:

Identity

Entities that represent people and groups:

• Users — The individuals who authenticate. Each user belongs to a tenant and can have multiple identities (linked accounts).
• Organizations — Groups of users with their own roles, permissions, and branding. Essential for B2B applications.

Configuration

Entities that control how authentication works:

• Tenants — The top-level isolation boundary. Each tenant has its own users, applications, and settings.
• Applications — Client applications (SPAs, APIs, native apps) that use AuthHero for authentication.
• Connections — Authentication methods available to users: email/password, social logins, SAML, and more.
• Domains — Custom domains for branded authentication URLs.

Security

Entities that control access and authorization:

• Resource Servers — Represent your APIs. Define the scopes (permissions) available for each API.
• Tokens — ID tokens, access tokens, and refresh tokens issued during authentication.
• Roles & Permissions — Named collections of permissions that can be assigned to users globally or per-organization.