# Identity (/entities/identity)



Identity is backed by WorkOS via [oauth.do](https://oauth.do). Users authenticate, ApiKeys enable programmatic access. Organization is defined in the [CRM](/entities/crm) domain.

User [#user]

Authenticated humans — founders, team members, collaborators.

```typescript
import { Noun } from 'digital-objects'

export const User = Noun('User', {
  name: 'string!',
  email: 'string!##',
  avatar: 'string',
  role: 'Admin | Member | Viewer',
  status: 'Active | Suspended | Invited',
  invite: 'Invited',
  suspend: 'Suspended',
  activate: 'Activated',
})
```

| Verb       | Event       | Description                      |
| ---------- | ----------- | -------------------------------- |
| `invite`   | `Invited`   | Send invite to join organization |
| `suspend`  | `Suspended` | Temporarily disable access       |
| `activate` | `Activated` | Activate a user account          |

ApiKey [#apikey]

Programmatic access — SDK, CI/CD, agent authentication.

```typescript
export const ApiKey = Noun('ApiKey', {
  name: 'string!',
  keyPrefix: 'string!##',
  scopes: 'string',
  status: 'Active | Revoked | Expired',
  revoke: 'Revoked',
})
```

| Verb     | Event     | Description                 |
| -------- | --------- | --------------------------- |
| `revoke` | `Revoked` | Permanently disable the key |