Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt

Use this file to discover all available pages before exploring further.

Access Manager is built from two services, and every protected Lerian product plugs into them at the route level. Together, they cover the three jobs of access control: managing access data, deciding access at runtime, and enforcing those decisions inside each product.
  • Auth is the runtime decision layer. It issues tokens, verifies MFA, returns user information, and answers permission checks.
  • Identity is the management layer. It stores users, groups, applications, communication providers, application-provider links, and MFA configuration.
  • Product-level enforcement is the runtime integration inside protected products. It calls Auth before product business logic runs and is not a third Access Manager service.
For example, Identity creates a user and assigns the user to a product group. Auth issues the access token and answers permission checks for that token. The protected product enforces those decisions on every route before the request reaches the product handler.

Auth service

Runtime tokens, MFA verification, user information, permission decisions, and cache.

Identity service

Management of users, groups, applications, communication providers, and MFA configuration.

Product-level enforcement

Route-level checks inside protected Lerian products that call Auth before business logic.
Auth, Identity, and product-level enforcement do not replace each other. Identity defines access data, Auth makes authentication and authorization decisions, and protected products enforce those decisions at runtime.
For day-to-day usage, see Using Access Manager for the API workflow and Access Manager via Lerian Console for the visual flow.