🛡️Introduction

Enterprise-grade Authentication & Authorization Gateway for Atlas Microservices

Atlas Auth Guard is a centralized authentication and authorization service that provides:

  • 🔐 Single Sign-On (SSO) via Google OAuth

  • 👥 Multi-tenant architecture with Organization → Team → Project hierarchy

  • 🎭 Role-based access control (RBAC) with fine-grained permissions

  • 🔑 API key management for service-to-service communication

  • 🚦 Service routing to backend microservices with policy enforcement

🌐 Environment URLs

Production Environment

Service
URL
Description

Web Dashboard

https://auth-gw.atlas.turing.com

Admin portal for managing teams, projects, users

API Endpoint

https://apac-atlas-guard-svc-589688574290.asia-south1.run.app

Backend API

API Documentation

https://apac-atlas-guard-svc-589688574290.asia-south1.run.app/v1/docs

Swagger UI with all endpoints

Health Check

https://apac-atlas-guard-svc-589688574290.asia-south1.run.app/v1/health

Service health status

Development (R&D) Environment

Service
URL
Description

Web Dashboard

https://auth-gw.rd.atlas.turing.com

Development admin portal

API Endpoint

https://apac-atlas-guard-svc-264685500362.us-central1.run.app

Development API

API Documentation

https://apac-atlas-guard-svc-264685500362.us-central1.run.app/v1/docs

Development Swagger UI

Health Check

https://apac-atlas-guard-svc-264685500362.us-central1.run.app/v1/health

Development health status

📚 Documentation Guide

For End Users

Document
Description

Getting Started

Quick overview of how to use the system

Team Management

Understanding teams, members, and team policies

Project Management

Managing projects, metadata, and data isolation

User Management

User roles, permissions, and access control

API Keys

Creating and managing API keys

For Developers

Document
Description

SSO Integration

Integrate SSO into your application

Service Routes

How Auth Guard routes requests to backends

Service Policies

Service-to-service authorization

Security Model

Complete security architecture

Troubleshooting

Common issues and solutions

🏗️ System Architecture

Multi-Tenant Hierarchy

Atlas Auth Guard implements a three-level tenant hierarchy:

Key Concepts

Concept
Description

Organization

Top-level tenant. All users, teams, and projects belong to an organization. Currently: "Turing"

Team

Logical grouping of users. Teams have service access policies that control which backend services members can use.

Project

Isolated workspace within a team. Each project has its own API key and data isolation.

User

Individual authenticated via Google OAuth. Users have roles at global, team, and project levels.

👥 Role Hierarchy

Atlas Auth Guard implements a comprehensive role-based access control (RBAC) system:

Effective Role Calculation

When you access a resource, your effective role is determined by the most specific assignment:

Priority
Check
Example

1️⃣ Highest

Explicit project role

You have viewer on Project X → You're a viewer

2️⃣

Explicit team role

You have team_admin on Team A → You're team_admin for all projects in Team A

3️⃣ Lowest

Global role (fallback)

You're org_admin globally → Full org access where no explicit role exists

Important: Even super_admin can be restricted to viewer on a specific project if explicitly assigned.

🚀 Getting Started

For Dashboard Users

  1. Login: Go to https://auth-gw.atlas.turing.com and click "Sign in with Google"

  2. Select Context: Choose your team and project from the dropdown

  3. Navigate: Use the sidebar to access Teams, Projects, Users, API Keys, etc.

For Developers Integrating SSO

See SSO Integration Guide for complete documentation.

For Backend Services Using API Keys

See API Keys Guide for complete documentation.

🔄 Request Flow

Here's how a request flows through the system:

📞 Support

  • API Documentation: See Swagger UI links above

  • Issues: Contact [email protected]

  • Feature Requests: Create a ticket in JIRA

Built with ❤️ by the Turing APAC Platform Team

NextMulti-Tenancy

Last updated