
Built-in IdP & Identity

While Aether Platform integrates seamlessly with external Identity Providers (IdPs), it also incorporates sophisticated Built-in IdP capabilities. This enables granular access control that spans the entire development lifecycle, going far beyond simple SSO (Single Sign-On).

Integrated Identity System

Aether’s authentication system is deeply woven into NCS (Network), Cloud IDE (Workspace), and Audit mechanisms.

  • Unified Identity: A single identity permeates everything: from network connections and IDE logins to Git commit signing.
  • Identity-Aware Access: Access control is based on authenticated user identities, not network location (IP address). Granular permissions are managed via RBAC.

Multi-Tenant Membership

In the Aether Platform, a single user can belong to multiple tenants. This enables flexible operations for cross-organizational projects and collaborations with external partners.

  • Global Identity: Users have a single common ID (Internal IdP or External IdP).
  • Context Switching: Users can switch between the tenants (organizations) they have access to after logging in.
  • Isolated Roles: Different roles can be assigned per tenant (e.g., Admin in Tenant A, Developer in Tenant B), and permissions are completely isolated.

SCIM Integration & Provisioning

We provide native support for SCIM (System for Cross-domain Identity Management), essential for managing large-scale organizations.

Automated Provisioning

When employees join, leave, or move departments, changes made in upstream IdPs (like Okta or Entra ID) are automatically synchronized to Aether.

  1. Onboarding (Join): Accounts are automatically created in Aether and added to default team groups. Access to development environments is granted instantly.
  2. Offboarding (Leave): When an account is deactivated in the IdP, access rights are revoked.

Group Synchronization

Map departmental groups from your IdP (e.g., Engineering-Dept, Contractors) directly to Aether team permissions. This eliminates manual errors in access management.

SSO (Single Sign-On) Support

We support OIDC / SAML integration with major enterprise IdPs:

  • Okta
  • Microsoft Entra ID (Azure AD)
  • Google Workspace
  • GitHub Enterprise
  • Generic OIDC/SAML

RBAC (Role-Based Access Control)

Flexible role management tailored for development workflows.

Role | Scope
Organization Admin | Manage entire org, view audit logs, billing.
Network Admin | Manage NCS routing rules, authorized domains.
Workspace Manager | Create/delete workspaces, manage Golden Images.
Developer | Access own workspaces (creation rights can be restricted).
Auditor | View audit logs only (Read-only).
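
The per-tenant role isolation and SCIM offboarding described above can be sketched as follows. This is an added example, not Aether Platform code: the role names come from the table above, while the permission strings, tenant names and data model are assumptions, and the request body follows the standard SCIM PatchOp format (RFC 7644).

```python
# Added illustration, not Aether Platform code. Role names are from the page's
# RBAC table; permission strings, tenant names and the data model are assumed.
from dataclasses import dataclass, field

ROLE_PERMS = {
    "Organization Admin": {"org:manage", "audit:read", "billing:manage"},
    "Network Admin": {"ncs:manage"},
    "Workspace Manager": {"workspace:manage", "image:manage"},
    "Developer": {"workspace:use"},
    "Auditor": {"audit:read"},
}
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644

@dataclass
class User:
    user_id: str
    active: bool = True
    roles: dict = field(default_factory=dict)  # tenant -> role name

def is_allowed(user, tenant, permission):
    """Deny unless the user is active and their role in *this* tenant grants it."""
    if not user.active:
        return False
    role = user.roles.get(tenant)  # a role held in another tenant is never consulted
    return permission in ROLE_PERMS.get(role, set())

def apply_scim_patch(user, body):
    """Apply the 'active' attribute from a SCIM PatchOp request body."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    for op in body.get("Operations", []):
        if str(op.get("op", "")).lower() != "replace":
            continue
        path, value = op.get("path"), op.get("value")
        if path is None and isinstance(value, dict):
            value = value.get("active")  # path-less form: value is an attribute map
        elif path != "active":
            continue
        if value is None:
            continue
        # Tolerate the boolean arriving as a string ("False") from some clients.
        user.active = value if isinstance(value, bool) else str(value).lower() == "true"
    return user

if __name__ == "__main__":  # constructed sample data
    alice = User("alice", roles={"tenant-a": "Organization Admin", "tenant-b": "Developer"})
    print([is_allowed(alice, t, "audit:read") for t in ("tenant-a", "tenant-b")])
    apply_scim_patch(alice, {"schemas": [PATCH_SCHEMA],
                             "Operations": [{"op": "Replace", "path": "active", "value": False}]})
    print([is_allowed(alice, t, "audit:read") for t in ("tenant-a", "tenant-b")])
```

Checking `active` inside the authorization decision, rather than deleting role assignments on offboarding, means a deactivated account is denied in every tenant at once and its role history remains available for audit.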