Portal Documentation
A guide to managing your applications and users through the Ailacs Identity Portal.
Quick Navigation
Getting Started
The Ailacs Identity Portal is where tenant administrators manage their applications, users, and subscription. Access the Portal by clicking Sign In at the top of this page and authenticating with your tenant account.
Portal Sections
| Section | Purpose |
|---|---|
| Dashboard | Overview of tenant activity, applications, and users |
| Applications | Create and configure OIDC applications |
| Users | View users and manage their roles |
| App Assignment | Assign or unassign users to specific applications |
| Billing | Subscription plan and API usage monitoring |
| Tenant Settings | Manage tenant details, linked tenants, and subscriptions |
Dashboard
The Dashboard is the first page you see after signing in. It provides a high-level summary of your tenant:
- Applications count — total number of OIDC applications registered under your tenant.
- Users count — total number of users who have authenticated through your applications.
- Recent Applications — a quick list of the latest applications added to your tenant.
- Recent Users — the most recently active users across your tenant.
Use the sidebar navigation to jump to any section of the Portal.
Applications
The Applications page lets you register and manage the OIDC clients that integrate with Ailacs Identity.
Each application gets its own client_id and client_secret for use in your codebase.
Creating an Application
Fill in the create form on the Applications page:
| Field | Description |
|---|---|
| Display Name | A human-readable name shown on the login/consent screen for this application. |
| Theme | Optional CSS theme identifier applied to the Identity login pages for this application. |
| Disable MFA | When checked, multi-factor authentication is not required for users signing in through this application. |
| Disable Social Logins | When checked, external social providers (e.g. Google) are hidden on the login page for this application. |
| Redirect URIs | One URI per line. These are the callback URLs that Ailacs Identity is allowed to redirect to after authentication. Must match exactly what your application sends. |
| Permissions | The OAuth 2.0 / OIDC capabilities granted to this application. See the permissions table below. |
Permissions Reference
| Permission | Type | Description |
|---|---|---|
code |
Response type | Allows the Authorization Code flow. Required for web applications. |
openid |
Scope | Enables OpenID Connect. Returns a sub claim identifying the user. |
profile |
Scope | Includes profile claims such as the user's display name. |
api |
Scope | Grants access to protected API resources. |
offline_access |
Scope | Issues a refresh token so users can stay signed in without re-authenticating. |
token |
Endpoint | Allows the application to use the /connect/token endpoint. |
authorization |
Endpoint | Allows the application to initiate the authorization flow via /connect/authorize. |
logout |
Endpoint | Allows the application to use the /connect/logout endpoint. |
userinfo |
Endpoint | Allows the application to call /connect/userinfo to retrieve claims. |
code, openid, profile, authorization, token, and logout are typically sufficient.
After Creation
Once saved, the application entry will display its generated client_id and client_secret.
Copy these values — they are used to configure your application's OIDC settings.
You can edit any of these settings later via the edit form on the same page. Redirect URIs can be updated at any time without affecting active sessions.
Integrating an Application
After registering your application in the Portal, configure your ASP.NET Core project to authenticate against Ailacs Identity
using the standard OpenID Connect middleware. The client_id and client_secret from the Portal go directly into your app's configuration.
ASP.NET Core Setup
Add the OIDC middleware in Program.cs:
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
options.Authority = "https://auth.ailacs.com";
options.ClientId = "your_client_id";
options.ClientSecret = "your_client_secret";
options.ResponseType = "code";
options.Scope.Add("openid");
options.Scope.Add("profile");
options.SaveTokens = true;
});Triggering Sign-In
Protect a page or action with [Authorize] — the middleware handles the redirect to /connect/authorize automatically.
To trigger sign-in manually from a Razor Page:
public IActionResult OnGet()
{
return Challenge(new AuthenticationProperties
{
RedirectUri = "/"
}, OpenIdConnectDefaults.AuthenticationScheme);
}Triggering Sign-Out
public IActionResult OnGet()
{
return SignOut(
new AuthenticationProperties { RedirectUri = "/" },
CookieAuthenticationDefaults.AuthenticationScheme,
OpenIdConnectDefaults.AuthenticationScheme);
}redirect_uri your application sends matches one of the Redirect URIs registered in the Portal exactly, including scheme and path.
Users
The Users page lists every user who has registered or authenticated through any application under your tenant. From here you can inspect user details and manage their roles.
Assigning Roles
Roles are scoped per application. Select a user, choose the target application, and assign one or more roles.
These roles are then included as role claims in the user's ID token when they authenticate through that application.
User.IsInRole("your-role") or by reading the role claim directly.
App Assignment
The App Assignment page controls which users are permitted to sign in to each of your applications. By default, any user registered under your tenant can authenticate through any of your applications. Use App Assignment to restrict access to a specific subset of users.
Assigning a User
- Select the target application from the dropdown.
- Select the user to assign.
- Click Assign. The user will now appear in the assignment list for that application.
Removing an Assignment
Click Remove next to any user/application pairing to revoke their access. The user will be denied authentication on their next sign-in attempt for that application.
Billing
The Billing page gives you full visibility into your subscription and API consumption.
Subscription Overview
The top of the page shows your current subscription plan, including the maximum number of API calls and active users included. Upgrade or manage your subscription via the Tenant Settings page.
Per-Application Usage
The usage table breaks down API call counts for each application, so you can see which integrations are consuming the most quota.
| Column | Description |
|---|---|
| Application | Display name of the application. |
| API Calls | Number of authenticated requests made through this application in the selected period. |
| Limit | The maximum API calls permitted for this application under your current plan. |
Monthly Trend
The monthly trend chart visualises total API call volume and active user counts over the last several months, helping you plan capacity and anticipate when a plan upgrade may be needed.
Tenant Settings
The Tenant Settings page is your control centre for account-level configuration.
Subscription Management
View your active subscription and upgrade to a higher plan directly from this page. If you have an active Stripe subscription, a Manage Billing button appears, taking you to the Stripe customer portal where you can update payment methods, download invoices, and cancel your plan.
Linked Tenants
Enterprise customers can link multiple tenants together so that users from one tenant can authenticate through applications belonging to another. Send an invitation from this page — the recipient accepts via their own Tenant Settings page.
Invitations
Pending outbound invitations are listed here. You can cancel an invitation at any time before it is accepted.
Need Help?
Our support team is here to help you get the most out of Ailacs Identity.
API Reference Contact Support