Concepts

The three actors

OrthID treats humans, organisations and AI agents as first-class principals. Each one can hold an identity, authenticate, and act with verifiable scope.

Most auth systems model one actor: the human user. OrthID models three, because in a modern product an organisation is a tenant in its own right, and an AI agent is an actor that takes real actions on real data. Every principal has a stable identifier, a type, and a home region. Everything an actor does is verified and audited against that identity.

Humans

A human is a person who signs in. Humans authenticate with passkeys, passwords, MFA or enterprise SSO, and they can belong to one or many organisations. A human identity is durable: it survives across sessions, devices and organisation memberships. When a person signs in, OrthID resolves them to a user principal and issues a session.

actor: human
{
  "type": "user",
  "id": "user_3kP9aZ",
  "email": "dr.okafor@northshore.health",
  "verified": true,
  "auth": { "method": "passkey", "mfa": true },
  "organizations": ["org_2bT7uX", "org_9rL4mC"],
  "region": "au-syd-1"
}

Organisations

An organisation is a tenant: a hospital, clinic, team or company. Organisations are principals too, which is what lets OrthID enforce multi-tenancy, delegated administration and org-scoped roles. A human does not act as an organisation; they act within one. The active organisation on a session decides which roles and data are in play. Organisations own members, invitations, roles and billing, and they pin their data to a region.

actor: organisation
{
  "type": "organization",
  "id": "org_2bT7uX",
  "name": "Northshore Health",
  "slug": "northshore",
  "members": 184,
  "region": "au-syd-1"
}

AI agents

An agent is a non-human workload - a copilot, a background job, an automation - that needs to act with identity rather than a shared static key. Agents do not log in. They are issued a scoped, short-lived credential that is delegated from a human (or, for system jobs, from an organisation). The credential records who the agent acts on behalf of, so every action traces back to a real person. An agent can never exceed the scope it was granted, and it expires by default.

actor: agent
{
  "type": "agent",
  "id": "agent_7xQ1vD",
  "name": "discharge-summary-bot",
  "onBehalfOf": "user_3kP9aZ",
  "organization": "org_2bT7uX",
  "scope": ["records:read", "summaries:write"],
  "expiresAt": "2026-06-22T13:40:00Z",
  "region": "au-syd-1"
}

How they relate

The three actors fit together in one chain of accountability:

  • A human belongs to one or more organisations and acts within the one that is active on their session.
  • An agent acts on behalf of a human (the onBehalfOf field), inside a single organisation, with a scope that is a subset of what that human can do.
  • Every token an agent carries names its principal human, so the audit log answers “who really did this?” even when a bot pressed the button.

Delegation, not impersonation

An agent does not become the human. It carries an act claim that records the human it acts for. See Tokens & token exchange for how that claim is minted and verified.
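The chain of accountability described above (the agent section and the "How they relate" list), as an added example that is not part of OrthID's documentation or SDK: an in-memory model of the three principals in which an agent credential can only be minted with a scope the delegating human actually holds in that organisation, is re-checked at use time (expiry, organisation, region, scope), and every decision is recorded against the principal human rather than the bot. The identifiers and scopes are the ones shown on this page; the role-to-permission table, the membership records, the helper names and the 15-minute default lifetime are assumptions.

```javascript
// Constructed sample data modelled on the principals shown on this page.
// The roles, the role -> permission table and the membership records are
// assumptions: the page says the active organisation decides which roles are
// in play but does not define how roles map to permissions.
const ORGS = {
  org_2bT7uX: {
    type: "organization", id: "org_2bT7uX", name: "Northshore Health", region: "au-syd-1",
    roles: {
      clinician: ["records:read", "records:write", "summaries:write"],
      viewer: ["records:read"],
    },
    members: { user_3kP9aZ: "clinician" },
  },
  org_9rL4mC: {
    type: "organization", id: "org_9rL4mC", name: "Second tenant (constructed)", region: "au-syd-1",
    roles: { viewer: ["records:read"] },
    members: { user_3kP9aZ: "viewer" },
  },
};

const USERS = {
  user_3kP9aZ: {
    type: "user", id: "user_3kP9aZ",
    organizations: ["org_2bT7uX", "org_9rL4mC"],
    region: "au-syd-1",
  },
};

// Assumed default lifetime; the page only says agent credentials expire by default.
const DEFAULT_TTL_MS = 15 * 60 * 1000;

// ISO-8601 without milliseconds, matching the expiresAt format shown above.
function isoSeconds(date) {
  return date.toISOString().replace(/\.\d{3}Z$/, "Z");
}

// Permissions a human currently holds inside one organisation.
function permissionsFor(userId, orgId) {
  const org = ORGS[orgId];
  const role = org ? org.members[userId] : undefined;
  return role ? org.roles[role] || [] : [];
}

// Mint a delegated agent credential (hypothetical helper). The requested scope
// must be a subset of what the delegating human can do in that organisation,
// and the credential always carries an expiry.
function mintAgentCredential({ agentId, name, onBehalfOf, organization, scope, now, ttlMs = DEFAULT_TTL_MS }) {
  const user = USERS[onBehalfOf];
  const org = ORGS[organization];
  if (!user) throw new Error(`unknown principal ${onBehalfOf}`);
  if (!org) throw new Error(`unknown organization ${organization}`);
  if (!user.organizations.includes(organization) || !(onBehalfOf in org.members)) {
    throw new Error(`${onBehalfOf} is not a member of ${organization}`);
  }
  const allowed = new Set(permissionsFor(onBehalfOf, organization));
  const excess = scope.filter((s) => !allowed.has(s));
  if (excess.length > 0) throw new Error(`scope exceeds delegator: ${excess.join(", ")}`);
  return {
    type: "agent",
    id: agentId,
    name,
    onBehalfOf,
    organization,
    scope: [...scope],
    expiresAt: isoSeconds(new Date(now.getTime() + ttlMs)),
    region: org.region, // the agent is pinned to its organisation's region
  };
}

// Audit record naming the principal human, written for allowed and denied actions alike.
function auditRecord(agent, action, now, allowed, reason) {
  return {
    at: isoSeconds(now),
    actor: agent.id,
    principal: agent.onBehalfOf,
    organization: agent.organization,
    action,
    allowed,
    reason,
  };
}

// Authorise one action against an agent credential. Every check is redone at
// use time, so a role change after minting still narrows what the agent can do.
function authorizeAgentAction(agent, action, now) {
  const deny = (reason) => ({ allowed: false, reason, audit: auditRecord(agent, action, now, false, reason) });
  if (agent.type !== "agent") return deny("not an agent credential");
  if (Date.parse(agent.expiresAt) <= now.getTime()) return deny("credential expired");
  const org = ORGS[agent.organization];
  if (!org) return deny("unknown organization");
  if (agent.region !== org.region) return deny("region mismatch");
  if (!USERS[agent.onBehalfOf]) return deny("unknown delegating principal");
  const stillAllowed = new Set(permissionsFor(agent.onBehalfOf, agent.organization));
  if (!agent.scope.every((s) => stillAllowed.has(s))) return deny("delegator no longer holds granted scope");
  if (!agent.scope.includes(action)) return deny(`action ${action} outside granted scope`);
  return { allowed: true, reason: "ok", audit: auditRecord(agent, action, now, true, "ok") };
}
```

Minting in `org_9rL4mC`, where the same human is only a viewer, refuses a `summaries:write` scope even though that human holds it in `org_2bT7uX`: scope is bounded by the organisation the agent is pinned to, not by the human's widest membership. The use-time re-check is the part a real token verifier also needs: a signed credential proves what was granted, but only a live lookup shows whether the delegating human still holds it.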

Next steps