
identity-access

Use for authentication, authorization, SSO, and multi-tenant isolation — OIDC/OAuth2 + PKCE, enterprise SAML SSO, SCIM provisioning, RBAC/ABAC/ReBAC, deny-by-default server-side authz, tenant isolation, sessions/tokens/MFA. Trigger on "login/auth", "SSO/SAML/OIDC", "SCIM/provisioning", "roles/permissions/RBAC", "multi-tenant isolation", "tokens/sessions/MFA", or any identity/access decision.
StielChancellor/VibeGod-Tech-Team · ★ 0 · Code & Development · score 65
Install: claude install-skill StielChancellor/VibeGod-Tech-Team
# Identity & Access (IAM)

Standards-based identity, authorization, and tenant isolation for enterprise multi-tenant SaaS. Backs the `identity-access-engineer`; implements under the `security-architect`'s zero-trust design and is reviewed by `security-engineer`. Honors vibegod-principles + `secure-coding`. User > skills > default.

## Fits in the pipeline

Stage 4 (the security-architect sets the isolation/trust model), Stage 6 (implementation), Stage 7 (security review of authz + cross-tenant isolation). Continuous.

## AuthN — standards only

- **OIDC (Authorization Code + PKCE) for user login** — PKCE is mandatory for public clients and the AS must reject downgrade. OAuth alone = delegated access ("what can this app do"); OIDC adds identity ("who is the user") via a signed ID token.
- **SAML 2.0 for enterprise SSO** where the customer IdP (Okta/Entra/Google) requires it — validate assertion signature, issuer, audience, timestamps.
- **Bans:** the Implicit grant and **ROPC/password grant** (blocks MFA, leaks creds). **Exact-match redirect URIs** (no wildcards). **Audience-restrict** access tokens (`aud`). Prefer **short-lived access tokens + refresh-token rotation** (one-time use; reuse → revoke the chain) or sender-constrained tokens.

## Provisioning + SSO lifecycle

- **SCIM 2.0** for the full lifecycle: provision (POST), update (PATCH/PUT), and **DELETE to deprovision** (a security control on offboarding, not a convenience). **JIT** from the SSO assertion for low-frict