Portal — central authentication

Naming: The program is referred to internally as Portal. This vault uses the folder slug anabatic-sso (Projects/anabatic-sso/) as the stable path alias — wikilinks stay [[Projects/anabatic-sso/anabatic-sso]], etc.

TL;DR

Portal is the centralized single sign-on surface for internal Anabatic applications (this hub does not describe other employers’ or clients’ IdPs). Consumers authenticate via the Portal/IdP API; downstream NestJS backends validate identity using cookies forwarded from the browser (SPA → API). Behavioral contract is shared across dev / staging / UAT / production tiers.

Outcome

• Problem: Engineers need one place documenting how apps join the Portal (SSO) surface and how session cookies propagate.
• Desired outcome: Onboarding checklist + accurate flow/menu/RBAC notes without duplicating the group-wide stack memo ([[Areas/Anabatic/Tech stack]]).

Status

• Current phase: knowledge capture starting
• Next milestone: Document auth session flow, menus, RBAC, and new-app registration procedure.
• Target date:
• Health:

Quick Links

• [[Projects/anabatic-sso/context/index|Project context]]

Recent Changes

• 2026-05-18 — Primary name set to Portal; anabatic-sso kept as vault path alias only.
• 2026-05-18 — Hub created from area tech-stack capture; placeholders for flows and RBAC.

Next Actions

• [ ] Add auth flow narrative (cookies, middleware contract, redirects)
• [ ] Document menu provisioning / sources
• [ ] Document RBAC integration points per consumer app
• [ ] Add “register a new OIDC/client app” or internal checklist equivalent

Related

• [[Areas/Anabatic/Anabatic]]
• [[Areas/Anabatic/Tech stack]]