enterprise identity standards, modern identity protocols and directory services via a single auth service. REST + webhooks for every product. Multi-institution and consortium isolation at the database query, not the application layer. EU data residency. Hosted by Accadema or by you.
Authentication is centralised in CAM (Central Auth Middleware) and exposed over standard protocols — the identity standards your IT team already runs. Every Accadema product validates tokens against the same service; nothing rolls its own auth. Cross-institution access exists only inside an opt-in partnership, and every cross-institution event is logged.
Institutional isolation is enforced at the database query layer through a institution-aware data access, not by hoping the application code remembers a WHERE clause. Cross-institution sharing requires three explicit opt-ins — institution-level setting, user action, accessing institution's shared partnership — and is audited with the partnership context attached.
CAM is the central auth service (live at auth.accadema.com). the identity standards your IT team already runs. modern session tokens with refresh, short TTL, tamper-resistant audit log.
Every product exposes REST endpoints under /v1/…. Inter-product communication is API-first, with webhooks for the asynchronous case. No direct database reads across product boundaries.
Federated SaaS — products run either Accadema-hosted or client-hosted, typically a mix. Reversible deploys with tested rollback under five minutes. Backups before every migration.
Architecture review, security questionnaire, federation testing — bring the questions.