Tenant issuer hosts
Issuer metadata, login, token issuance, and claims are resolved for the current host.
Architecture
Host-based multi-tenancy for OAuth2 and OIDC.
OpenIssuer resolves the issuer from the incoming host, so each tenant can use a distinct authorization domain while sharing the same platform.
UserBusiness AppTenant IssuerTokens
Admin management
Admins manage organizations, users, roles, OAuth clients, and default organization behavior.
Passkey MFA
Users can enroll passkeys and complete MFA during the authorization flow.