Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact

ScaiKey. An Enterprise-grade IAM service backing the ScaiLabs platform.

Whether you harness a local Active Directory environment, an Azure Cloud deployment, Google Cloud: Integrate your existing users and groups with our platform without breaking a sweat.

Overview

One identity system for the entire platform

Every service in the ScaiLabs ecosystem needs to know who’s making a request and what they’re allowed to do. ScaiKey is the single source of truth for both questions.

It handles authentication (proving who you are) and authorisation (determining what you can do) for every component: ScaiGrid, ScaiWave, ScaiBot, ScaiDrive, ScaiCMS, and all other services. One login, consistent permissions, everywhere.

Architecture

Multi-tenancy model

ScaiKey’s hierarchy maps directly to real-world organisational structures.

01

Platform

The ScaiLabs instance (self-hosted or cloud). Top-level administration and global policies.

02

Partner

Service providers, ISPs, or MSPs. Each partner manages their own customers independently.

03

Tenant

Individual organisations or customers. Complete data isolation, separate configuration and user management.

04

User

End users within a tenant. Groups, roles, and fine-grained permissions inherited from the organisational structure.

Identity

Federation & SSO

Microsoft Entra ID

Full federation with Azure AD / Entra ID. Users authenticate with their existing Microsoft credentials.

Google Workspace

OIDC federation with Google. Seamless SSO for Google-first organisations.

SAML 2.0

Standard SAML support for legacy enterprise identity providers.

Custom OIDC

Connect any OpenID Connect-compatible identity provider. Keycloak, Auth0, Okta, and more.

Local accounts

Built-in user management for organisations without external identity providers.

Multi-factor auth

TOTP and WebAuthn support for additional security layers.

Integration

How ScaiKey connects

Every platform component delegates identity to ScaiKey.

ScaiGrid

API authentication, model access control, and per-tenant token accounting.

ScaiWave

User identity, room permissions, federation trust, and cross-org access control.

ScaiDrive

File permissions, share access, and storage quota management per user and group.

ScaiBot

Bot instance ownership, knowledge base access scoping, and conversation audit trails.

ScaiCMS

Content permissions, site-scoped access, and editorial workflow authorisation.

ScaiVault

Secret access policies, credential scoping, and certificate issuance authorisation.

Use Cases

ScaiKey in practice

Enterprise deployment

Federate with your existing Active Directory. Users see ScaiLabs services in their app launcher. No new passwords to remember.

Service provider platform

ISPs and MSPs manage customer tenants. Each customer federates their own identity provider. Complete isolation.

Managed workspace

MSPs provision and manage user accounts, groups, and permissions centrally across all client tenants.

Ready to integrate your identity provider?

ScaiKey connects to your existing infrastructure in minutes.

Get in Touch