The platform's central authentication service. One identity, every product, every institution.
CAM (Central Auth Middleware) is the single authentication and authorisation service for the entire platform. Every other Accadema product — applications, services, Implementation packages — verifies tokens through CAM; nothing rolls its own auth. The patron, the librarian, the researcher and the rector all sign in once and traverse the platform without re-authenticating.
CAM owns its own database, deliberately separated from application data. Cross-institution access exists only inside an opt-in partnership and is logged with the partnership context, in a tamper-resistant audit trail. The login surface itself is a canonical two-step (identifier → credential) shared across every Accadema product, with per-institution branding limited to the colour, logo and display name.
standard identity protocols, modern identity protocols, academic identity federations and directory services. Magic link, password and SSO redirect — backend-resolved per user. Two-step canonical login surface.
Per-institution RBAC, per-institution branding, per-institution data isolation enforced at the query layer. Default is always private; consortium sharing is opt-in.
Every authentication event, every cross-institution access and every permission change, logged in a tamper-resistant database that no other product can write to.
Atena, Atlas, Stellaris, Tesara, Hermes, Orin, Europa, Apolon, Iris and Thelios verify identity through CAM. No product reads CAM's database directly.
When two institutions belong to the same partnership, CAM resolves shared visibility on session bootstrap — never automatic, always audited.
academic identity federations for academic federations; the institution's existing directory services for staff; researcher identity for the researcher identity link.
CAM is the operational backbone of the platform — live at auth.accadema.com, audit-trailed every authentication, every cross-institution access.