Everything Canopy provides to handle authentication, authorization, and organizational hierarchy as a service.
Scope permissions by organizational structure with downward inheritance.
Define your own permission model. Canopy stores, enforces, and evaluates it at runtime.
Users only see what they're allowed to, scoped automatically based on role assignments in the tree.
Every account is fully isolated with its own hierarchy, roles, and permission catalog.
Hosted login with PKCE, RS256 JWTs, and JWKS. Your app never needs to handle passwords.
Manage end users, and their access, in one system.
REST API, API keys, and webhooks: everything you need to integrate Canopy into your application.
Every security-sensitive action is logged with actor, resource, and full context.