Understanding iObeya ID


iObeya ID manages user identities across the iObeya ecosystem. It is the layer that verifies your identity before you access any iObeya service. Once your identity is confirmed, iObeya grants access to the right rooms, boards and roles.

iObeya ID applies to the iObeya application and to related services such as Gemba and the Service Hub. It centralizes authentication and identity management across all iObeya platforms and can support additional services over time. It does the following:

  • It manages your local username and password.

  • It connects to your company identity provider for SSO.

  • It applies password rules, brute-force protection and security controls.

  • It verifies your email address when needed.

  • It supports Multi-Factor Authentication for stronger protection.

  • It provides a consistent login experience for all users.

Because iObeya ID is based on Keycloak, it includes several advanced features. The identity service also provides dedicated APIs used by iObeya.

Diagram illustrating authentication sources for iObeya ID and local login processes.

iObeya ID focuses on authentication only. It identifies you and sends this information to iObeya. Your roles and permissions remain managed inside the iObeya application.

The separation between authentication and roles strengthens security and ensures a stable login flow for all users.

Linking iObeya With iObeya ID

iObeya uses a default authentication mechanism based on SAML to connect with iObeya ID. This mechanism is already in place on the platform, so every login is managed by the identity service.

When a new platform is created, this authentication mechanism is added automatically.

On legacy v4 versions of iObeya, if you are an administrator and you open the Authentication policies section, you may see the policy that controls the redirection to iObeya ID. Because of this policy, users are always redirected to iObeya ID when they sign in. The identity service checks who they are and then sends them back to the platform.

You should not change this policy because your platform needs it to manage authentication correctly.

Understanding Default Authentication

iObeya platforms come with a default authentication setup managed by iObeya ID. This setup defines how users sign in the first time and how accounts are created when the platform is new.

When a new platform is created, administrator access to iObeya ID is not given to customer administrators by default. Only specific iObeya staff receive this access because it is used for technical identity configuration.

The following people may have administrator permissions in iObeya ID when your platform is created:

  • Members of the iObeya support team (created by default by our SRE team)

  • The consultant assigned to your project (created by our support team)

  • Additional technical consultants when identity configuration is required (created by support if known at the time of platform creation)