User identity and accounts
In authentication systems, users are represented through identities and accounts. These are the core concepts that let your system know who someone is and what they can do.
What is an identity?
An identity represents a unique person or entity in your system. It’s like a digital fingerprint that contains everything needed to verify who someone is.
Think of it as the “who” in your authentication system.
What is an account?
An account is what your application uses to manage users. It’s separate from Prefactor’s identity system and contains:
- the user’s identity information (from Prefactor)
- application-specific data and preferences
- system permissions and roles for your app
Your application handles accounts, while Prefactor handles the identity and authentication parts.
How authorization works
When a user tries to access something, your system needs to decide if they’re allowed. This happens by:
- Identifying the user - using their authenticated identity
- Checking their permissions - seeing what they’re allowed to do
- Making the decision - granting or denying access
Common authorization questions
Your system might ask:
- “Can this user read this document?”
- “Is this user allowed to create new accounts?”
- “Can this user access the system from this location?”
The answers depend on the roles and permissions assigned to their account.
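The three authorization steps and the three sample questions above can be sketched as one application-side check. This is an added example, not Prefactor code: the role names, permission strings, account fields and identity IDs are assumptions, and `identity_id` stands for an identity that has already been authenticated.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed role-to-permission map; role and permission names are assumptions.
ROLE_PERMISSIONS = {
    "viewer": {"document:read"},
    "admin": {"document:read", "account:create"},
}

@dataclass
class Account:
    """Application-side record, keyed by the identity that was authenticated."""
    identity_id: str                                      # subject from the identity system
    roles: set = field(default_factory=set)
    allowed_networks: list = field(default_factory=list)  # empty = no location rule
    preferences: dict = field(default_factory=dict)       # app-specific data

# Constructed sample accounts.
ACCOUNTS = {
    "id-alice": Account("id-alice", {"admin"}, [ip_network("10.0.0.0/8")]),
    "id-bob": Account("id-bob", {"viewer"}),
}

def authorize(identity_id, permission, source_ip=None):
    """Return (allowed, reason). Every step denies unless it can prove access."""
    # 1. Identify the user: map the authenticated identity to an app account.
    if identity_id is None:
        return False, "unauthenticated"
    account = ACCOUNTS.get(identity_id)
    if account is None:
        return False, "no account for identity"
    # 2. Check permissions: union of what the account's roles grant.
    granted = set()
    for role in account.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    if permission not in granted:
        return False, "permission not granted"
    # 3. Make the decision, applying the location rule when the account has one.
    if account.allowed_networks:
        try:
            addr = ip_address(source_ip)
        except ValueError:  # missing or malformed address
            return False, "location unknown"
        if not any(addr in net for net in account.allowed_networks):
            return False, "location not allowed"
    return True, "ok"
```

Returning a reason alongside the decision makes denials easy to log and audit without revealing the reason to the caller.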
Understanding these basic concepts helps you build systems that properly control who can access what in your application.