Projects

Projects are collaboration spaces where teams work on authorization configurations in isolation from other teams.

This structure allows multiple teams to work simultaneously on different tasks within the Authorization Hub while ensuring clear governance and auditability per team. It also eliminates naming collisions, preventing teams from accidentally overwriting one another's policy/attribute/attribute connectors/domain names, which could otherwise break their authorization configurations.

Projects contain the following:

• Attributes
• Attribute connector configurations
• Policies
• Domains (created when you publish a project)

Project membership

Projects are restricted environments. To access a project, a member must be added and assigned a project-specific role. In this context, a member can be:

• Users: Human collaborators interacting with the UI.
• Clients: Machine-to-machine clients that access and use the Authorization Hub API programmatically.

Both users and clients are subject to the same access control within a project.

Project roles

The Authorization Hub utilizes project-specific roles to streamline management. The available Project roles and their associated permissions are detailed below:

	Domain viewer	Project viewer	Project editor	Project admin
View domains	✔️	✔️	✔️	✔️
View project components	❌	✔️	✔️	✔️
Manage project components	❌	❌	✔️	✔️
Manage project details* and members	❌	❌	❌	✔️
Leave a project	✔️	✔️	✔️	✔️

*Project details are considered the project name and its description.

Project roles are distinct from general Authorization Hub roles (Tenant admin, Admin, and User) analyzed in the User management section. To access a specific project, a user must be added as a member and assigned a project-specific role. The only exception is the Tenant admin, who can join any project and automatically receives Project admin permissions.

note

Tenant Admins can view all projects and manage memberships even if they are not active project members. This ensures projects remain manageable even if a designated Project admin becomes unavailable.

Interface

The Projects page provides a comprehensive list of all existing projects and presents key information at a glance, including the project name and description, your role in the project, and the members of each project.

Additionally, it offers a filtering functionality that allows you to refine the projects list and narrow down the displayed projects.

note

Access to specific data and options on this screen may be restricted depending on your project role.

Through this page you can also:

• Create a project

  Learn how to start a new project in the Create a project section.

• Manage projects

  To manage a project, click the three dots on the far right of the project row and select Manage project. This page allows you to refine the project’s details and members depending on your project role. The fields are similar to those when you create a project.

• Leave projects

  Remove yourself from a project by clicking the three dots on the far right of the project row and selecting Leave project.

  Important

  In order to rejoin a project, you must be reinvited by a Project admin.

• Start working on a project

  Click a project's name to begin working on its policies or to monitor and manage the attributes, connectors, and domains available within that project, as detailed in the Quick start section.

Create a project

Create a new project from the Projects page as follows:

tip

Managing an existing project uses the same process described below, except that you must click Update in the last step to save your changes.

1. Click + New project in the upper right corner.

   note

   For your first project, the button is located in the center of the screen.

2. Enter a unique name in the Project name field.

3. Optionally, you can add details or some information about this project in the Description field.

4. Select the users and clients to assign to this project.

   Users

   1. Filter the list using the search field at the top. Results will update dynamically as you type.

   2. Select the users by checking the boxes on the left side of the list.

      tip

      Use the master checkbox above the list to select or deselect all entries at once.

   3. Assign a role to each user using the dropdown menu on the right.

      note

      Users with the Tenant admin role are automatically assigned Project admin status, granting them full access to the project.

   Clients

   1. Filter the list using the search field at the top. Results will update dynamically as you type.

   2. Select the clients by checking the boxes on the left side of the list.

      tip

      Use the master checkbox above the list to select or deselect all entries at once.

   3. Assign a role to each client using the dropdown menu on the right.

5. Click Create to finish.

Once the project is created, the Authorization Hub sends an email notification to all members informing them that they have been added to the project.

note

Even if the email fails to deliver, the users are still successfully added as project members.

API reference

The Authorization Hub REST API interactive documentation is available in the Swagger UI API. You can access the API schemas and endpoint definitions for the projects service using the following URL:

http(s)://<authorization-hub-url>/api/hub-service/swagger-ui/index.html#/Project