Overview

This section is the identity model, how Olympus represents users, what fields they have, what credentials they can use, and how they move through the self-service flows.

The shape of an identity

In Kratos terms, an identity has:

1. Traits, a JSON object matching the identity schema. Olympus ships four schemas (default, customer, company for CIAM; admin for IAM). See Identity Schemas.
2. Credentials, zero or more authentication factors: password, OIDC (social login), TOTP, WebAuthn, recovery codes.
3. Verifiable addresses, identifiers (typically email) that have been verified, are pending verification, or are unverified.
4. Recovery addresses, identifiers eligible to receive a recovery code.

Per-schema reference

• CIAM default schema
• CIAM customer schema
• CIAM company schema
• IAM admin schema

Identifiers and verification

• Identifiers and verification, what makes something an identifier; the verification lifecycle.

Sessions

• Sessions, AAL, refresh, session lifetimes, authenticator assurance levels, refresh.

The five Kratos flows

• Login flow, state diagram.
• Registration flow
• Recovery flow
• Verification flow
• Settings flow

Multi-factor

• TOTP and WebAuthn
• MFA policy

Social IdPs

• Social login, end-user perspective.
• Account linking, linking a social IdP to an existing password identity.
• Social connections admin, admin perspective.