An open-source AI-first Identity and Access Management (IAM) / AI MCP gateway and auth server with web UI supporting MCP, A2A, OAuth 2.1, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
Identity and Access Management for the Hanzo ecosystem.
UI-first centralized authentication / Single-Sign-On (SSO) platform supporting
OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, and RADIUS.
- OAuth 2.0 / OIDC provider -- standards-compliant identity provider with full authorization code, implicit, client-credentials, and device-code flows
- SAML / CAS / LDAP -- enterprise federation and directory integration
- WebAuthn / Passkeys -- passwordless authentication with FIDO2 hardware keys and platform authenticators
- TOTP / MFA -- time-based one-time passwords and multi-factor authentication
- Social login -- 40+ identity providers (GitHub, Google, Apple, Microsoft, Discord, and more)
- RBAC -- role-based access control with fine-grained permissions
- Multi-tenancy -- multiple organizations and applications in a single deployment
- API-first -- full REST API for programmatic user, application, and organization management
- SCIM provisioning -- automated user lifecycle management
- RADIUS -- network access authentication

```bash
docker run -d \
  --name hanzo-iam \
  -p 8000:8000 \
  hanzoai/iam:latest
```

Open http://localhost:8000 in your browser.

```yaml
# compose.yml
services:
  iam:
    image: hanzoai/iam:latest
    ports:
      - "8000:8000"
    volumes:
      - iam-data:/var/lib/iam
    restart: unless-stopped
volumes:
  iam-data:
```

```bash
docker compose up -d
```

```bash
git clone https://github.com/hanzoai/iam.git
cd iam
go build ./...
```

Hanzo IAM serves SSO across the Hanzo ecosystem:

| Domain | Purpose |
|---|---|
| hanzo.id | Hanzo AI accounts |
| lux.id | Lux Network accounts |
| zoo.id | Zoo Labs accounts |
| pars.id | Pars accounts |
Full documentation is available at docs.hanzo.ai.
Originally derived from Casdoor by the Casbin community. See the upstream LICENSE for attribution.
Copyright 2025-2026 Hanzo AI Inc