Skip to main content

Core Concepts

As a SetherAuth administrator, you should be familiar with at least four core concepts: Organization, User, Application, and Provider.


In SetherAuth, an organization is a container for users and applications. For example, all the employees of a company or all the customers of a business can be abstracted as one organization.


Once you register to on, a default organization will be created for you.


In SetherAuth, a user can log into an application.

All users that belong to your organization can log in to all applications owned by the organization.


An application represents a web system that needs to be protected by SetherAuth. Applications can be websites, dApps, Single-Page Apps etc.

Each application can have its own customized sign-up page, sign-in page, and more.

An application is a "portal" or "interface" for a user to log into SetherAuth. A user must go through one application's sign-in page to log into SetherAuth.

Login URLs

To get the login URL of an application defined in SetherAuth, you can concatenate strings manually or the provided SDKs:

1. Manually concatenating strings

  • Sign-up page URL
    • Signup for the specified application:<application-id>
    • Signup by OAuth:<application-client-id>&response_type=code&redirect_uri=<application-redirect-uri>&scope=read&state=sether
    • Signup automatically:<client-id-for-your-application>&response_type=code&redirect_uri=<redirect-uri-for-your-application>&&scope=read&state=sether
  • Sign-in page URL
    • Sign-in for the specified organization:<organization-id>
    • Sign-in by OAuth: <your-SetherAuth-hostname>/login/oauth/authorize?client_id=<client-id-for-your-application>&response_type=code&redirect_uri=<redirect-uri-for-your-application>&&scope=read&state=sether

2. Using SDKs (for frontend JavaScript code using React, Vue, or Angular)

  • Frontend SDKs (for frontend JavaScript code using React, Vue, or Angular): getSignupUrl() and getSigninUrl()
  • Backend SDKs (for backend code using Go, Java, etc.): GetSignupUrl() and GetSigninUrl()


SetherAuth is a federated single sign-on system that supports multiple identity providers via OIDC, OAuth, and SAML. SetherAuth can also send verification codes or other notifications to users via email or SMS. SetherAuth uses the concept of Provider to manage all these third-party connectors.