Docs

Practical guide to Doorman: what users can do, how operators set it up, and how technical teams integrate auth, RBAC, billing, and usage.

User guide

Dashboard model

Doorman is organized as org -> app -> tenant. Orgs own apps and billing configuration. Tenants represent customer workspaces. Users get org roles and app roles inside tenants.

What users can do

  • Sign up, log in, recover accounts, verify email, and update settings.
  • Request access to an org and accept org or tenant invites.
  • Switch active org context from the dashboard.
  • Use apps only where tenant membership and app role permissions allow it.
  • Authorize third-party apps through OAuth consent.

Operator paths

  • /dashboard/orgs: create and manage organizations.
  • /dashboard/orgs/:orgId?tab=members: invite members and assign org roles.
  • /dashboard/orgs/:orgId?tab=identity-providers: configure SSO providers and email-domain routing.
  • /dashboard/orgs/:orgId/apps/:appId?tab=oauth: create OAuth clients.
  • /dashboard/orgs/:orgId/apps/:appId?tab=roles: define app roles and permissions.
  • /dashboard/orgs/:orgId/apps/:appId?tab=plans and ?tab=meters: define billing catalog.
  • /dashboard/tenants/:tenantId: manage tenant members, app access, subscriptions, and service accounts.