Authentication & User Management for the Worktree Ecosystem

The Worktree Auth Service powers secure sign-in, token issuance (JWT), and centralized user, role, and group management across all Worktree products (HRMS, Workforce, LMS, Projects). It also integrates with Microsoft Entra ID and Google for enterprise SSO, supporting both Just-in-Time and scheduled syncs.

JWT • JWK OAuth2 / OIDC Multi-Tenant & Multi-Product Audit & RequestId
Open API Docs Learn more
99.9%
Uptime
42 ms
Median Auth
1,000+
Tenants

About the Auth Service

What it provides

  • Issue, refresh, validate, and revoke JWT access/refresh tokens.
  • Centralized user lifecycle: create, update, deactivate, and audit.
  • Role/permission management with product scoping.
  • Group management and external identity linking (Microsoft/Google).
  • Consistent ApiResponse<T> contract for all endpoints.

Developer experience

  • OpenAPI documentation available at /docs-ui/index.html.
  • Stable versioned routes under /api/**.
  • Structured error model with requestId correlation.
  • Pagination, filtering, and idempotency where applicable.

Security Highlights

  • Stateless JWT validation; optional JWKs endpoint for key rotation.
  • Tenant-aware throttling and per-tenant IP allow/deny evaluation.
  • Minimal PII in logs; audit trails with redaction where needed.
  • HSTS, TLS-only endpoints, and CSRF-safe patterns for browsers.
  • Integration with Microsoft Entra ID and Google for SSO.
  • JIT provisioning or scheduled group/user sync.
  • Fine-grained role/feature mapping per product.
  • Defensive defaults and safe error surfaces.

Products Powered by Worktree Auth

HRMS

Employee lifecycle, payroll, and attendance.

Workforce Productivity

Agent-based activity insights and coaching.

LMS

Courses, assignments, and analytics.

Projects

Tasks, sprints, and collaboration.

Ready to integrate?
Open the API reference to get started with endpoints, models, and examples.
Go to API Docs