Docs
Practical guide to Doorman: what users can do, how operators set it up, and how technical teams integrate auth, RBAC, billing, and usage.
Getting started
What Doorman is
Doorman is a self-hosted control plane for SaaS identity and billing. It combines Ory Kratos sessions, Ory Hydra OIDC, app/tenant RBAC, service accounts, Stripe-backed subscriptions, usage metering, and operator dashboards.
- Users sign in, join orgs/tenants, and access apps through assigned roles.
- Operators manage orgs, apps, tenants, members, SSO providers, billing, plans, meters, and service accounts.
- Integrators use OIDC tokens, app-scoped APIs, and the React SDK from their own products.
Repo map
apps/web: Doorman dashboard, auth UI, consent UI, and docs.examples/sample-spa: browser OIDC sample app.examples/sample-client: server-side OIDC sample app.services/control-api: Fastify control-plane API and migrations runner.services/worker: billing, usage, retention, and alert jobs.packages/react-sdk: integration helpers for auth, SSO, billing, and generic authorization.infra/compose,infra/ory,infra/db: local services, Ory config, migrations, and seeds.
Local start
pnpm install cd infra/compose docker compose up -d cd ../.. pnpm --filter @doorman/control-api migrate pnpm dev:api pnpm dev:web
Run API and web in separate terminals. The compose stack starts Postgres, Kratos, Hydra, and Mailslurper.
Core URLs
- Web:
http://localhost:3000 - Control API:
https://doorman.f1cs-dev.it - Kratos public:
https://doorman.f1cs-dev.it/kratos - Hydra issuer:
https://doorman.f1cs-dev.it/oauth2 - OIDC discovery:
https://doorman.f1cs-dev.it/oauth2/.well-known/openid-configuration - Swagger UI: open API docs