Terraform

Identity as Code.
terraform apply and done.

17 resources. 11 modules. Your entire auth stack — users, roles, SSO, cloud IAM, branding — defined in HCL, versioned in Git, deployed in seconds.

provider.tf

terraform {
  required_providers {
    authfi = {
      source  = "queflyhq/authfi"
      version = "~> 0.1"
    }
  }
}

provider "authfi" {
  api_key = var.authfi_api_key
  tenant  = "acme"
}

Everything in code. Nothing in portals.

Stop clicking through dashboards. Define your identity infrastructure in HCL, review in PRs, deploy with CI/CD. Drift detection built in.

Resources

Modules

100%

API coverage

Portal clicks

17 Resources

authfi_project

Isolated workspace

authfi_user

Identity + profile

authfi_role

Permission group

authfi_permission

Fine-grained access

authfi_group

User collection

authfi_organization

B2B multi-tenant

authfi_application

OAuth/SAML app

authfi_connection

SSO provider

authfi_domain

Custom domain

authfi_branding

authfi_scim_target

User provisioning

authfi_cloud_account

Cloud IAM link

authfi_cloud_mapping

Role → IAM

authfi_user_role

Role assignment

authfi_group_member

Group membership

authfi_group_role

Group → role

authfi_role_permission

Role → permission

11 Ready-to-Use Modules

📦

project

Create a project with region, env type, and branding in one block

🔐

rbac

Define roles, permissions, and assignments. One module for your entire RBAC tree

🏢

organization

B2B tenant with members, roles, and optional org-level branding

📱

application

OAuth/SAML app with redirect URIs, grants, and group assignments

🔗

sso

SAML or OIDC connection with metadata, domain routing, JIT

🎨

branding

Logo, colors, layout, custom CSS, background — all in one

🔄

scim

SCIM target with bearer token, user/group sync config

☁️

gcp-workforce

Workforce Identity Federation — map authFI roles to GCP

⚙️

gcp-workload

Workload Identity — service-to-service auth via GCP

🔶

aws-identity-center

AWS SSO integration — SAML + SCIM auto-provisioning

📋

templates

Starter templates for common setups (SaaS, healthcare, B2B)

Example

Full auth stack in 40 lines

Project, admin user, roles, permissions, SSO connection, branding — all in one Terraform file. Review in a PR, apply in CI, done.

HCLGitOpsCI/CDDrift detection

module "project" { source = "queflyhq/authfi//modules/project" name = "acme-prod" region = "asia-south1" } module "rbac" { source = "queflyhq/authfi//modules/rbac" roles = { admin = ["read:*", "write:*"] viewer = ["read:users", "read:apps"] } } module "sso" { source = "queflyhq/authfi//modules/sso" provider = "okta" domain = "acme.com" } # terraform apply → users, roles, SSO, branding. Done.