Quick Start

Get up and running with AccessIQ in under 5 minutes. This guide walks you through the essential steps to integrate identity management into your application.

Prerequisites
Before you begin, make sure you have created an AccessIQ account and have access to your tenant dashboard at app.accessiq.io.

1. Create an Organization

Organizations are the top-level containers for your customers. Each organization can have its own identity provider, users, roles, and settings.

Create Organization (bash)
curl -X POST https://api.accessiq.io/v1/organizations \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Corp",
    "slug": "acme-corp",
    "plan": "professional"
  }'

2. Configure an Identity Provider

Connect your customer's identity provider. AccessIQ supports SAML 2.0, OpenID Connect, and social providers.

Configure OIDC Provider (bash)
curl -X POST https://api.accessiq.io/v1/organizations/acme-corp/identity-providers \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "oidc",
    "name": "Microsoft Entra ID",
    "config": {
      "clientId": "YOUR_CLIENT_ID",
      "clientSecret": "YOUR_CLIENT_SECRET",
      "issuer": "https://login.microsoftonline.com/TENANT_ID/v2.0"
    }
  }'

3. Create Roles and Permissions

Define the roles and permissions for your application. Roles are collections of permissions that can be assigned to users.

Create Role (bash)
curl -X POST https://api.accessiq.io/v1/organizations/acme-corp/roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Admin",
    "description": "Full administrative access",
    "permissions": [
      "users:read",
      "users:write",
      "settings:manage",
      "billing:view"
    ]
  }'

4. Authenticate Users

Redirect users to the AccessIQ login page. After authentication, they'll be redirected back to your application with a JWT token.

app/login/route.ts (typescript)
import { redirect } from 'next/navigation'

export async function GET() {
  const loginUrl = new URL('https://auth.accessiq.io/login')
  loginUrl.searchParams.set('client_id', process.env.ACCESSIQ_CLIENT_ID!)
  loginUrl.searchParams.set('redirect_uri', process.env.CALLBACK_URL!)
  loginUrl.searchParams.set('response_type', 'code')
  loginUrl.searchParams.set('scope', 'openid profile email')

  redirect(loginUrl.toString())
}

5. Verify Access Tokens

Validate the JWT token on your backend to ensure the user is authenticated and authorized.

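lib/auth.ts (typescript)
import { createRemoteJWKSet, jwtVerify } from 'jose'

// Build the key set once at module scope so fetched keys are cached and
// reused across calls instead of being re-downloaded for every token.
const JWKS = createRemoteJWKSet(
  new URL('https://auth.accessiq.io/.well-known/jwks.json')
)

export async function verifyToken(token: string) {
  // Fail closed: jose skips the audience check when `audience` is undefined.
  const audience = process.env.ACCESSIQ_CLIENT_ID
  if (!audience) throw new Error('ACCESSIQ_CLIENT_ID is not set')

  // Throws if the signature, issuer, audience or expiry check fails.
  const { payload } = await jwtVerify(token, JWKS, {
    issuer: 'https://auth.accessiq.io',
    audience
  })

  return {
    userId: payload.sub,
    email: payload.email,
    orgId: payload.org_id,
    roles: payload.roles,
    permissions: payload.permissions,
    featureFlags: payload.feature_flags
  }
}

Feature Flags in JWT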
AccessIQ automatically includes enabled feature flags in the JWT token claims, so you can check feature access without additional API calls.
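
The token check in step 5 authenticates the caller. The following added example (not AccessIQ's own code) shows the authorization half: validating the shape of the `org_id` and `permissions` claims and denying requests that target a different organization. It assumes `org_id` carries the same value your application uses to identify the organization that owns the resource; `parseClaims`, `authorize` and the sample payload are hypothetical.

```typescript
// Authorization on top of verifyToken(). Claim names and permission strings
// come from this page; parseClaims and authorize are hypothetical helpers.
type AccessClaims = { userId: string; orgId: string; permissions: Set<string> }
type Decision = { allowed: true } | { allowed: false; reason: string }

// jwtVerify proves signature, issuer and audience. It does not prove each
// claim has the shape your code expects, so check types and fail closed.
function parseClaims(payload: Record<string, unknown>): AccessClaims | null {
  const { sub, org_id, permissions } = payload
  if (typeof sub !== 'string' || sub === '') return null
  if (typeof org_id !== 'string' || org_id === '') return null
  if (!Array.isArray(permissions)) return null
  if (!permissions.every((p) => typeof p === 'string')) return null
  return { userId: sub, orgId: org_id, permissions: new Set(permissions as string[]) }
}

// Decide whether a verified token may use `permission` inside `orgId`.
// orgId must come from the resource being accessed (route or database row),
// so a valid token for one organization cannot act on another's data.
function authorize(
  payload: Record<string, unknown>,
  orgId: string,
  permission: string
): Decision {
  const claims = parseClaims(payload)
  if (claims === null) return { allowed: false, reason: 'malformed_claims' }
  if (claims.orgId !== orgId) return { allowed: false, reason: 'wrong_organization' }
  // Exact match only: no prefix or wildcard expansion is assumed.
  if (!claims.permissions.has(permission)) {
    return { allowed: false, reason: 'missing_permission' }
  }
  return { allowed: true }
}

// Constructed sample payload, shaped like the claims read in lib/auth.ts.
const samplePayload: Record<string, unknown> = {
  sub: 'user_123',
  org_id: 'acme-corp',
  roles: ['Admin'],
  permissions: ['users:read', 'users:write', 'settings:manage', 'billing:view'],
}

console.log(authorize(samplePayload, 'acme-corp', 'users:write'))
console.log(authorize(samplePayload, 'other-org', 'users:write'))
```

Pass the `payload` returned by `jwtVerify` straight into `authorize`, and take the `orgId` argument from the record being read or modified rather than from anything in the request body.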

Next Steps