Cloudentity ACP administrative workspaces

Learn about ACP workspaces. Get to know what they are. Learn about their characteristics and usage.

In Authorization Control Plane (ACP), a workspace is a separate authorization server of a particular tenant.

Each organization can run multiple workspaces as a part of their tenant.

Workspace characteristics

The workspace allows to provide a logical separation between different authorization servers, client applications, and protected services.

The workspace can be constituted by the following:

  • Single OAuth/OIDC authorization server,
  • Set of identity providers that the authorization server utilizes as a source of users' identities,
  • Set of client applications,
  • Set of protected services,
  • Set of custom OAuth claims, scopes, and corresponding mappings.


Elements such as authorization policies and consent objects are configured globally at the tenant level.

After tenant creation, two workspaces are provided and configured by default.

Admin, where you can configure how admins can log in to the admin portal.

System, which is used for authenticating authorizers, for custom login pages, custom consent pages, and other internal applications that need integrating with ACP.

You can create more developer workspaces for third party developers, select a workspace profile for them, and enable those developers to create their applications.


You can connect developer workspaces to a regular workspace (but not to the developer, admin, or system workspace). This gives you a possibility to create applications in those connected workspaces using this developer portal.

Workspace Profiles

You can create new workspaces and set the following profiles for them:

Demo environment

  • It is a demo environment that allows you to quickly check out a pre-configured workspace.

Consumer applications and services

  • It is an authorization server dedicated to protecting client-facing services and applications, where most of the work is usually done.

  • ACP allows to define multiple consumer workspaces (for different groups, organization units, or application sets).

Fintech and mission-critical applications

  • It is an authorization server designed primarily for companies that deliver financial services to their customers but also for software companies that must provide their services continously without any interruption.

Open Banking UK

  • It is an Open Banking UK compliant authorization server. It allows authorized providers to access your user’s financial data.

Partners B2B integration

  • It is a server that allows your business partners to integrate with your API after they are authorized according to your authorization policies.

Third party

  • It is an authorization server dedicated to developer APIs.

  • It allows administrators to configure identity providers for client developers, including the third-party developers from partner or client organizations.


  • Workforce authorization server gives you an opportunity to build and protect applications, services, and APIs that are used by your employees.