LumoAuth Documentation

LumoAuth is an identity platform for traditional applications and autonomous AI agents. It implements the standard protocols — OAuth 2.0, OpenID Connect, SAML 2.0, SCIM 2.0, WebAuthn — and layers on fine-grained authorization (RBAC, ABAC, Zanzibar ReBAC), adaptive MFA, and first-class agent identity.

If you are new to identity protocols, start with Core Concepts. If you already know OAuth, pick a track below and skip ahead.

Base URL

All API endpoints are scoped to an organization: https://app.lumoauth.dev/orgs/{orgId}/api/v1/

EU region: https://eu.app.lumoauth.dev/...


Pick your track

Each track is an ordered reading path. Follow it top to bottom and you will have a working result — no guesswork about what to read next.

| You are… | Track |
| --- | --- |
| Adding login to a web or mobile app | Frontend / Mobile → |
| Protecting a backend API or service | Backend / Service → |
| Securing an AI agent or LLM tool call | AI Agents → |
| Configuring the org for enterprise customers | Admin / IT → |
| Doing a security or compliance review | Security & Compliance → |

Framework quickstarts

React, Next.js, Vue, Angular, Node.js, Python, React Native, AI Agents, LangChain

Platform capabilities

| Capability | What it does |
| --- | --- |
| AI Access Control | Verified agent identities, scoped capabilities, delegation, just-in-time approval |
| Ask API | Natural-language authorization calls for LLM reasoning loops |
| JIT Permissions | Human-in-the-loop approval for sensitive agent operations |
| Chain of Agency | Token exchange (RFC 8693) so agents can act on behalf of users with a verifiable audit trail |
| MCP Servers | Authorize Model Context Protocol tool calls |
| OAuth 2.0 & OIDC | Standard flows for web, mobile, CLI, and service-to-service |
| Enterprise SSO | SAML 2.0, OIDC federation, Active Directory / LDAP |
| SCIM 2.0 | Automated user and group provisioning |
| Authorization API | RBAC, ABAC, and Zanzibar-style ReBAC |
| Passkeys & WebAuthn | FIDO2 passwordless login |
| Adaptive MFA | Risk-based step-up authentication |
| Multi-Organization | Isolated tenants per customer organization |

Getting help