Strategic scope
Architecture is documented as a chain of authority, control, and data movement points. Every edge in the identity fabric has an owner, an invariant, and a failure mode that operators can reason about.
Trust boundaries
- SSO boundary: human identity, MFA, SAML assertions, OIDC readiness where enabled, group claims, and operator session establishment.
- SCIM boundary: bearer-token provisioning ingress, user lifecycle semantics, supported filters, paging, and Okta-compatible errors.
- FreeIPA boundary: LDAP state, Kerberos-aware attributes, group cn identity, and Linux enforcement ownership.
- ITSM boundary: TeamDynamix ticket creation, webhook status updates, ticket correlation, and dry-run execution queues; ServiceNow-class integrations should use the same evidence handoff model until a dedicated connector exists.
- Operations boundary: route inventory, audit logs, health checks, drift previews, federation readiness, and gated execution.
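The SCIM boundary above names four things the provisioning ingress must own: bearer-token authentication, the supported filter set, paging, and Okta-compatible (RFC 7644) error bodies. The following is an added illustration of that contract, not code from this project: the bearer secret, the in-memory user list, and the decision to accept only `eq` filters on `userName` and `externalId` are constructed assumptions.

```python
"""Minimal SCIM 2.0 list-users ingress: bearer-token check, filter validation,
1-based paging, and RFC 7644 error bodies.

Added illustration only. PROVISIONING_TOKEN and the accepted filter set are
constructed assumptions, not values from any real deployment."""
import hmac
import re
from typing import Dict, List, Optional, Tuple

SCIM_LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
PROVISIONING_TOKEN = "constructed-placeholder-token"  # assumption: static bearer secret

# Only equality on userName / externalId is accepted; anything else is rejected
# with scimType=invalidFilter rather than silently returning the full list.
FILTER_RE = re.compile(r'^(userName|externalId) eq "([^"]*)"$')


def scim_error(status: int, detail: str, scim_type: Optional[str] = None) -> Tuple[int, dict]:
    """Build an RFC 7644 Error body; status is a string in the body per the spec."""
    body = {"schemas": [SCIM_ERROR], "status": str(status), "detail": detail}
    if scim_type:
        body["scimType"] = scim_type
    return status, body


def list_users(headers: Dict[str, str], query: Dict[str, str], store: List[dict]) -> Tuple[int, dict]:
    """GET /Users: authenticate, apply the filter, page, and return a ListResponse."""
    auth = headers.get("Authorization", "")
    # Constant-time comparison so token checks do not leak prefix matches.
    if not auth.startswith("Bearer ") or not hmac.compare_digest(auth[7:], PROVISIONING_TOKEN):
        return scim_error(401, "invalid or missing bearer token")

    rows = store
    flt = query.get("filter")
    if flt is not None:
        match = FILTER_RE.match(flt)
        if not match:
            return scim_error(400, f"unsupported filter: {flt}", "invalidFilter")
        attr, value = match.groups()
        rows = [u for u in rows if u.get(attr) == value]

    try:
        start = int(query.get("startIndex", 1))  # SCIM paging is 1-based
        count = int(query.get("count", 100))
    except ValueError:
        return scim_error(400, "startIndex and count must be integers", "invalidValue")
    if start < 1 or count < 0:
        return scim_error(400, "startIndex must be >= 1 and count >= 0", "invalidValue")

    page = rows[start - 1 : start - 1 + count]
    return 200, {
        "schemas": [SCIM_LIST],
        "totalResults": len(rows),
        "startIndex": start,
        "itemsPerPage": len(page),
        "Resources": page,
    }
```

The point of rejecting unknown filters outright is that an IdP that receives a full list where it expected a match will create duplicate users on its next sync; a 400 with `invalidFilter` surfaces the mismatch in the IdP's logs instead.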
Recommended decision order
- Define SAML/OIDC claim mapping, SCIM attribute transforms, and application ownership before enabling writes.
- Validate idempotent behavior across repeated user create, update, and disable operations.
- Confirm FreeIPA/Linux enforcement evidence before broad rollout.
- Attach rollback checkpoints for each boundary stage.
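The second and fourth steps above, idempotent create/update/disable and a rollback checkpoint per stage, can be validated with a small harness. The following is an added example, not this project's connector: the FreeIPA target is simulated as an in-memory store keyed by `externalId` (an assumption about the stable IdP key), and the checkpoint is an in-process snapshot rather than a real LDAP backup.

```python
"""Idempotent user lifecycle with rollback checkpoints.

Added illustration of the decision-order checks; the provisioning target is an
in-memory dict (assumption), keyed by the IdP's externalId."""
import copy
from typing import Dict, List, Tuple


class LifecycleStore:
    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}           # externalId -> attributes
        self.events: List[str] = []                # what a write connector would emit
        self._checkpoints: Dict[str, Dict[str, dict]] = {}

    def create(self, external_id: str, attrs: dict) -> Tuple[bool, dict]:
        """Converge rather than duplicate: a repeated create is a no-op."""
        if external_id in self.users:
            return False, self.users[external_id]
        user = {"externalId": external_id, "active": True, **attrs}
        self.users[external_id] = user
        self.events.append(f"create {external_id}")
        return True, user

    def update(self, external_id: str, attrs: dict) -> bool:
        """Return True only when the merged record actually differs."""
        user = self.users[external_id]
        merged = {**user, **attrs}
        if merged == user:
            return False
        self.users[external_id] = merged
        self.events.append(f"update {external_id}")
        return True

    def disable(self, external_id: str) -> bool:
        """Disabling an already-disabled user emits nothing."""
        user = self.users[external_id]
        if not user["active"]:
            return False
        user["active"] = False
        self.events.append(f"disable {external_id}")
        return True

    def checkpoint(self, name: str) -> str:
        """Snapshot state before a boundary stage so it can be rolled back."""
        self._checkpoints[name] = copy.deepcopy(self.users)
        return name

    def rollback(self, name: str) -> None:
        self.users = copy.deepcopy(self._checkpoints[name])
        self.events.append(f"rollback {name}")


def replay_is_idempotent(store: LifecycleStore, external_id: str, attrs: dict) -> bool:
    """Validation check: running create/update/disable twice must emit each
    state-changing event exactly once."""
    before = len(store.events)
    for _ in range(2):
        store.create(external_id, attrs)
        store.update(external_id, attrs)   # same attrs: must be a no-op
        store.disable(external_id)
    emitted = store.events[before:]
    return emitted == [f"create {external_id}", f"disable {external_id}"]
```

The check asserts on the emitted event list rather than on final state: a connector that reaches the right end state but emits duplicate writes will still generate duplicate ITSM tickets and audit rows, which is the failure this step is meant to catch.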
Architecture entry points
Architectural guardrails
- Each stage in the graph must provide a deterministic output before the next stage starts.
- Connector outputs are immutable audit events tied to a request correlation ID.
- Policy decisions must fail closed when the runtime policy set is incomplete.
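The three guardrails above (deterministic stage output, immutable correlation-tagged audit events, fail-closed policy) translate into a small amount of runtime structure. The following is an added example, not this project's executor: the required policy names, the stage names, and the subject attributes are constructed placeholders.

```python
"""Gated execution pipeline: policy evaluated first and failing closed, then stages
run in order, each emitting one immutable audit event tied to the request's
correlation ID; a stage that yields no output halts the graph.

Added illustration only. REQUIRED_POLICIES and the stage names are constructed
placeholders, not this project's policy set."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Assumption: every write request must have a decision from each of these.
REQUIRED_POLICIES = ("mfa_satisfied", "group_claim_allowed", "write_enabled")

Policy = Callable[[dict], bool]
Stage = Callable[[dict], Optional[dict]]


@dataclass(frozen=True)   # frozen: an emitted audit event cannot be altered afterwards
class AuditEvent:
    correlation_id: str
    stage: str
    outcome: str
    detail: str


def evaluate_policy(policy_set: Dict[str, Policy], subject: dict) -> Tuple[bool, str]:
    """Fail closed: a required policy absent from the runtime set is a deny,
    not a skip; only a complete, unanimously allowing set permits execution."""
    missing = [p for p in REQUIRED_POLICIES if p not in policy_set]
    if missing:
        return False, "incomplete policy set, missing: " + ", ".join(missing)
    for name in REQUIRED_POLICIES:
        if not policy_set[name](subject):
            return False, f"policy {name} denied"
    return True, "all required policies allow"


def run_pipeline(correlation_id: str, subject: dict, policy_set: Dict[str, Policy],
                 stages: List[Tuple[str, Stage]]) -> Tuple[bool, Tuple[AuditEvent, ...]]:
    """Run the stage graph under the policy gate; returns (completed, audit trail)."""
    events: List[AuditEvent] = []
    allowed, reason = evaluate_policy(policy_set, subject)
    events.append(AuditEvent(correlation_id, "policy", "allow" if allowed else "deny", reason))
    if not allowed:
        return False, tuple(events)

    state = dict(subject)
    for name, fn in stages:
        out = fn(state)
        if out is None:   # no deterministic output: the next stage must not start
            events.append(AuditEvent(correlation_id, name, "halt", "stage produced no output"))
            return False, tuple(events)
        state = out
        events.append(AuditEvent(correlation_id, name, "ok", "keys=" + ",".join(sorted(state))))
    return True, tuple(events)


# Constructed sample policies and stages for a stand-alone run.
SAMPLE_POLICIES: Dict[str, Policy] = {
    "mfa_satisfied": lambda s: bool(s.get("mfa")),
    "group_claim_allowed": lambda s: "linux-admins" in s.get("groups", ()),
    "write_enabled": lambda s: True,
}
SAMPLE_STAGES: List[Tuple[str, Stage]] = [
    ("map_claims", lambda s: {**s, "uid": s["email"].split("@")[0]}),
    ("plan_ldap_write", lambda s: {**s, "ldap_dn": f"uid={s['uid']},cn=users"}),
]
```

Returning the audit trail as a tuple of frozen dataclasses means a later consumer (ticket correlation, drift preview) can read but not rewrite it, and every entry carries the same correlation ID so a single request can be reconstructed across boundaries.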