Overview

ScaiKey is the identity platform underneath the ScaiLabs ecosystem. It's a multi-tenant OpenID Connect provider with directory services, federated SSO, multi-factor authentication, SCIM provisioning, and machine-to-machine token issuance.

Every application in the ScaiLabs ecosystem authenticates against ScaiKey, and you can register your own apps the same way using standard OAuth 2.0 / OIDC.

What you'd use it for#

• Single sign-on across multiple apps — one login, many products, with consistent session management and logout.
• A place to decide who can access what — partners, tenants, users, groups, roles, and per-application assignments.
• Service-to-service tokens — client_credentials and RFC 8693 Token Exchange for backend systems that talk to other backend systems.
• A SCIM-compatible directory backbone — let an external HR system provision users into ScaiKey, then have everything downstream see the change.
• Federation with external IdPs — bring users in from Azure AD, Okta, Google Workspace, or any OIDC/SAML provider.

What it isn't#

ScaiKey is not a CRM, a billing system, or product analytics. It is the identity layer underneath those — the source of truth for who and what they may do. Information about who paid for what lives in product-specific systems.

How to read these docs#

• New here? Start with Quickstart — five minutes from registering an application to getting a working access token.
• Want the mental model? Read Concepts end-to-end.
• Integrating an app right now? Jump to Tutorials.
• Looking up an endpoint, scope, or event type? Reference is the authoritative listing.
• Hit a 401 or 403 you don't understand? Troubleshooting.