IAM and Identity Team Guide
This path is for the teams that own or review identity, federation, MFA, authorization scope, and shared access policy.
What IAM Should Learn First
- GPUaaS product IAM is not the same as raw IdP administration.
- Platform IAM owns product roles, memberships, scopes, service accounts, and audit-backed authorization posture.
- The external identity provider remains an enforcement and federation boundary, not the sole product source of truth.
IAM Decision Route
| If IAM needs to answer... | Open this first | Then go here |
|---|---|---|
| what the product exposes to users and admins | Account and Access | MFA Walkthrough |
| what the API expects for auth, scopes, and sessions | Developer API Auth | Developer Implementation Map |
| how shared-platform identity contracts are supposed to scale to other products | Shared Platform Builders | Build on AI Cloud |
| where provider administration stops and product IAM begins | Architecture Review Pack | Security & Production Readiness |
Reading Pack
- IAM Capabilities and Boundaries
- Account and Access
- Security & Production Readiness
- Developer API Auth
- Shared Platform Builders
- Architecture Review Pack
IAM Review Themes
| Theme | What matters |
|---|---|
| Federation boundary | What the IdP owns versus what platform IAM owns |
| MFA product posture | User/admin/operator journeys, recovery, and sensitive-op follow-up |
| Scopes and service accounts | How developers and future products consume shared identity contracts |
| Tenant/project authorization | How GPUaaS scopes product actions independently of external identity |
Portal-Native Answer
If the reader needs the direct answer instead of just the reading route, start with IAM Capabilities and Boundaries. This page remains the team guide and route map; the capabilities page is the concise product IAM model.