Abstract: Methods, systems, devices, and apparatuses for passkey authentication at an identity management platform are described. In accordance with the described techniques, an administrator of the identity management platform may enable passkey authentication for clients of the identity management platform. Once the passkey authentication is enabled, the identity management platform may display a passkey login option to users associated with the clients of the identity management platform. If a user associated with a client of the identity management platform selects the passkey login option, a device associated with the user may generate a passkey that includes a private key and a public key. The device may store the private key and transmit an indication of the public key to the identity management platform. The identity management platform may use the public key to verify the identity of the user in subsequent login attempts.

Abstract: An authorization is performed based on data types—an authorization model, and relationship tuples—that are applicable across different organizations. Each organization wishing to use a system for authorization specifies its own authorization models representing types of objects that can exist within the organization and types of relations those objects can have. When a given organization submits an authorization query to determine whether a given user and a given object are in a given type of relation within that organization, the system analyzes the authorization model and relationship tuples to make the determination. Query response latency may be reduced through techniques such as geographic distribution of servers and sharding of data so that the data for a given query can be found within the same shard.

Abstract: An authorization system provides authorization services for multiple tenant organizations. The authorization is performed based on standardized data types—an authorization model, and relationship tuples—that are applicable across the different organizations. Each organization wishing to use the system for authorization specifies its own authorization model(s) (representing the types of objects that can exist within the organization, and which types of relations those objects can have) and relationship tuples (representing the existing user/object relationships within the organization). When a given organization submits an authorization query to determine whether a given user and a given object are in a given type of relation within that organization (e.g., whether the user can perform a particular action on the object), the system analyzes the authorization model and relationship tuples to make the determination.