Kanshin · Identity Platform
Kanshin — Documentation
Everything you need to run identity and single sign-on for your organization with Kanshin — Nandeshou’s identity platform. Kanshin is the console where administrators set up the applications their people sign in to, manage users and groups, enforce multi-factor authentication and access policies, and provision accounts from an external directory. Start with Getting Started, then work through the guide for each area.
Kanshin manages your identity configuration; the sign-in itself is handled by Kanshin’s authentication service, which your applications connect to using the open OpenID Connect and OAuth 2.0 standards.
In this documentation
- Getting Started Sign in to the Kanshin portal, understand organizations and realms, create or join an organization, and find your way around the console.
- Organizations & Realms The isolation model at the heart of Kanshin. This page covers organizations (tenants), realms (environments), and how they keep your identity data separate.
- Users & People Create and manage the people in your organization. This page covers user records, adding a user, the welcome email, and account lockout protection.
- Members & Invitations Bring people into your organization. This page covers membership, inviting users, accepting and declining invitations, and removing members.
- Applications Register the applications your people sign in to. This page covers OpenID Connect / OAuth clients, redirect URIs, scopes, grant types, PKCE, and secrets.
- Application Access Decide who may sign in to each application. This page covers assignment-based, zero-trust access control for your registered applications.
- Single Sign-On How sign-in works with Kanshin. This page explains OpenID Connect, the sign-in flow, tokens and scopes, and the standard endpoints your apps connect to.
- Multi-Factor Authentication Add a second factor to sign-in. This page covers authenticator-app (TOTP) enrollment, backup codes, and managing MFA for the people in your organization.
- Roles & Permissions Control what people can do. This page covers permissions, built-in and custom roles, assigning roles to users, and scoping an assignment to a realm.
- Groups Organize users into groups. This page covers creating groups, nesting them into a hierarchy, managing membership, and using groups to grant application access.
- Custom Attributes Attach your own data to users, groups, and the organization. This page covers attribute definitions, assigning values, and how attributes reach your apps.
- Security Policies Set the rules for passwords and sessions. This page covers password policies, session policies, and how policies apply across an organization and its realms.
- Directory Provisioning (SCIM) Sync users and groups automatically from your identity provider. This page covers SCIM tokens, connecting Okta or Azure AD, and the provisioning lifecycle.
- Machine-to-Machine Access Let services and scripts authenticate as themselves, with no user involved. This page covers the client-credentials flow for backend and automated access.
- Sessions, Audit & Security Sessions and how Kanshin keeps your organization safe. This page covers sign-in sessions, token lifetimes, the audit log, and Kanshin's security posture.