Console
GOVCLOUD
Close

End User Directory

The per-Team registry that issues and resolves end_user_id. Identity-only by design — it holds the platform-issued id, the source IdP claim, and minimal metadata. Nothing about the end user lives here.

ADR 0012 · 0016

The Directory is the foreign key, not a profile. Rows carry no facts, preferences, or behaviour. Anything an Agent knowsabout an end user lives in that Agent's Long-term Memory under the per-Agent recall boundary (ADR 0011) — never shared across Agents even when the end_user_id matches. Crossing a team boundary mints a fresh end_user_id; there is no platform-global identity.

Platform Engineering
verified-jwt
IdP
Entra ID
JWKS
https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys
Set by
Priya Shah · Team Admin
Contracts & Proposals
verified-jwt
IdP
Okta
JWKS
https://vds.okta.com/oauth2/default/v1/keys
Set by
Linnea Park · Team Admin
Mission Software
opaque-id
Auth
API key only — caller-supplied stable id
Set by
Marcus Chen · Team Admin

Platform Admin floor: opaque-id. Opaque ID is the org-wide floor for low-assurance, in-app teams. Sensitive teams must require verified JWT; no team may go below this floor. A team may require a stronger claim mode than the floor — never a weaker one.

6 end users
end_user_idTeamClaim modeSource claimFirst seenLast seenStatus
eu_cc91d3f0Platform Engineeringverified-jwt
Entra ID
sub:…a7f3-9c20 (VDS employee)2026-02-182026-05-29active
eu_77fa2c11Contracts & Proposalsverified-jwt
Okta
sub:…1bd0-4e88 (VDS employee)2026-03-022026-05-29active
eu_8c2f4a1bPlatform Engineeringverified-jwt
Entra ID
sub:…f5c1-2a64 (VDS employee)2026-01-292026-05-22deletion-pending
eu_3f0a8d77Contracts & Proposalsverified-jwt
Okta
sub:…0db2-77af (VDS employee)2026-02-112026-04-30deletion-pending
eu_b66c10a2Platform Engineeringverified-jwt
Entra ID
tombstone (subject deleted)2025-12-042026-04-03tombstoned
eu_op_5521abMission Softwareopaque-idoperator-9f21c (caller-supplied, in-app product operator)2026-05-202026-05-29active
Deleting a row triggers the Subject Deletion cascade — Long-term Memory tombstone + Trajectory Store crypto-erase, fanned out across every Agent on the team.