Authentication Service Overview

The Authentication Service is a foundational component of the Sidra Data Platform. It is responsible for managing secure user sign-in, session lifecycle, federated identity integration, and authorization controls across all Sidra services and Data Products.

Sidra's authentication and authorization layer is built on Keycloak, an open-source identity and access management system that supports industry standards such as OpenID Connect (OIDC) and OAuth 2.0. This ensures compatibility with modern authentication flows and simplifies integration with enterprise environments.

Through its integration with Azure Active Directory (AAD), the Authentication Service supports Single Sign-On (SSO), allowing users to authenticate once with their organizational credentials and gain access to the Sidra Core and any associated Data Products without re-authentication.

Authentication Features

The Authentication Service enables organizations to enforce centralized security policies. It supports configuration options such as:

  • Multi-Factor Authentication (MFA)
  • Custom identity providers
  • Granular session control policies

This centralized and extensible approach reduces the complexity of managing identity and access across environments, while strengthening the overall security and compliance posture of the Sidra platform.

Authorization Management

Keycloak provides fine-grained control over access to data and platform resources. It enables administrators to define, assign, and manage permissions for both users and applications across Sidra's ecosystem through role-based access control (RBAC).

The service integrates seamlessly with Sidra's authentication layer, supporting permissions at multiple scopes—such as Data Storage Units (DSUs), Providers, and Entities.

Authorization data is persisted in Keycloak and managed through the Sidra Web UI. This interface provides full visibility into authorization subjects (users or applications), roles and access permissions, making it easy to manage access control at scale.

Managing Authorization in Sidra Web

Sidra's Web UI is built to expose and manage all components of the Authorization Framework. Users can browse registered applications, assign roles to users or applications, and manage permission mappings across Sidra services and Data Products.

Each Data Product is treated as an authorization application with its own unique ClientId, allowing Sidra to isolate permissions per product while maintaining centralized governance.

Authorization Users View

The Authorization Users View displays all authorization subjects—either individual users or applications—registered in the system.

Users can inspect roles and delegations per subject and add new delegations with validity dates, enabling controlled access delegation across applications.

User Detail View

The User Detail View allows administrators to configure access for a subject on a per-application basis. For each application, you can:

  • Edit fine-grained permissions (read, write, delete) on metadata resources like Providers and Entities
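
As an added illustration, and not code from Sidra or Keycloak, the following Python model shows how the concepts on this page fit together: a subject's direct permissions are kept per application ClientId and scoped to metadata resources such as Providers and Entities, and a delegation to another subject only forwards those permissions while its validity window is open. Class names such as `AuthzStore`, the scope strings and the sample subjects are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical model of this page's authorization concepts (subjects, per-application
# ClientIds, scoped permissions, time-bound delegations); not Sidra's or Keycloak's code.
ACTIONS = {"read", "write", "delete"}

@dataclass(frozen=True)
class Permission:
    client_id: str  # application (Data Product) the permission belongs to
    scope: str      # metadata resource, e.g. "Provider:sales" or "Entity:sales.orders"
    action: str     # read | write | delete

@dataclass(frozen=True)
class Delegation:
    from_subject: str
    to_subject: str
    client_id: str
    valid_from: str  # ISO 8601 with an explicit offset, e.g. "2024-01-01T00:00:00+00:00"
    valid_to: str

    def active(self, at: datetime) -> bool:
        return datetime.fromisoformat(self.valid_from) <= at < datetime.fromisoformat(self.valid_to)

@dataclass
class AuthzStore:
    direct: dict[str, set[Permission]] = field(default_factory=dict)
    delegations: list[Delegation] = field(default_factory=list)

    def grant(self, subject: str, client_id: str, scope: str, action: str) -> None:
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        self.direct.setdefault(subject, set()).add(Permission(client_id, scope, action))

    def is_allowed(self, subject: str, client_id: str, scope: str, action: str,
                   at: str | datetime | None = None) -> bool:
        # 'at' lets an audit replay a decision for a past moment; default is now (UTC).
        now = datetime.fromisoformat(at) if isinstance(at, str) else at or datetime.now(timezone.utc)
        wanted = Permission(client_id, scope, action)
        if wanted in self.direct.get(subject, set()):
            return True
        # Delegations are single-hop, bound to one ClientId and honoured only inside
        # their validity window, so delegated access cannot outlive the delegation.
        return any(
            d.to_subject == subject and d.client_id == client_id and d.active(now)
            and wanted in self.direct.get(d.from_subject, set())
            for d in self.delegations
        )
```

Because `is_allowed` accepts a timestamp, the same store can answer "was this access valid on that date?" when reviewing a delegation after the fact.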

For detailed information about roles and permissions for each service, see Services - Roles and Permissions.