arnabpal.me
Stackedtensor Identity — Enterprise IAM
Stackedtensor · deployed

A production-grade, multi-tenant identity platform that powers auth for every product at Stackedtensor. RS256 JWKS, 2FA (TOTP/WebAuthn/email/SMS), SAML + OIDC federation, SCIM 2.0 provisioning, and an immutable SOC-2 audit trail.

Lead engineer — architecture, security model, SDKs
Jan 2026 – Present
Live

What I built

  • Multi-tenant from day one — organization isolation with thread-local region pinning for data residency
  • Zero-trust device management with MDM integration (Jamf / Intune)
  • Risk-based auth: geo-velocity + device fingerprint scoring
  • SOC-2 ready — immutable audit trail covering 100+ event types
  • Python + TypeScript SDKs so every downstream service gets auth for free
  • 636 automated tests at 80% coverage

Hard problems

  • Designing a JWKS rotation scheme that works across services already in production
  • Making SCIM 2.0 provisioning idempotent across IdP quirks (Okta, Azure AD, Google)
  • Threading tenant + region context through an async Celery pipeline without leaking it

Tech stack

Python, Django, DRF, PostgreSQL, Redis, Celery, TypeScript, Next.js, Terraform, AWS, Stripe

Tags

IAM, Multi-tenant, SOC-2, Zero-Trust, Enterprise

Source code is not in the public domain. Happy to walk through architecture or specific modules on a call — get in touch.

© 2026 Arnab Pal. All rights reserved.