IAM (Identity & Access Management)

Overview

The IAM boundary manages identity and access management across Planet's systems. The strategic direction is Auth0-based authentication for all services, with centralized user management and API security through M2M tokens.

Applications

• Auth0 - Primary identity provider (strategic)
• IAM Gateway - Internal IAM services
• User Management - User lifecycle management

Repository Inventory

Architecture Notes

Authentication Strategy

• Auth0 - Strategic identity provider
• M2M Tokens - Service-to-service authentication
• JWT Validation - Token-based API security

Current Auth Patterns (from pp-payments-api)

// Two Auth0 client instances
- Primary Auth0 (general M2M)
- MerchantActivation Auth0

Key Integrations

• Planet Portal - Auth0 for merchant/user authentication
• Gateway Services - M2M token authentication
• Internal APIs - Bearer token validation

Legacy Systems

• Some systems still use custom authentication
• Migration path to Auth0 in progress

Technology Stack

Auth0 Configuration Areas

1. Applications - SPA, API, M2M configurations
2. APIs - Resource server definitions
3. Connections - Identity sources (DB, social, enterprise)
4. Rules/Actions - Custom authentication logic
5. Organizations - Multi-tenant merchant support

Strategic Direction

• Consolidate all authentication to Auth0
• Deprecate legacy auth systems (merchant-auth-api)
• Implement RBAC (Role-Based Access Control) consistently
• API-first security with OAuth 2.0 scopes

Security Requirements

• MFA for administrative access
• Token rotation and expiry
• Audit logging for authentication events
• PCI compliance for payment-related access

Future Considerations

• Fine-grained authorization policies
• Merchant self-service user management
• API rate limiting per client
• Enhanced audit and compliance reporting