# Identity Provider
dot.base uses the open-source software Keycloak as an identity provider and follows the OAuth 2.0 protocol by using OpenID Connect.
The Keycloak server can be synced with an organization's Active Directory using LDAP. This lets users log in with their organization-wide username and password instead of having to remember an additional set of credentials. In addition, if a user leaves the organization, access to dot.base is automatically disabled by the organization's IT administration. External users can be registered as guest users in the Active Directory with corresponding user roles to get access to dot.base.
# User role management
dot.base's authorization rules are based on the following user roles:
- medical staff member
- study physician
- study nurse
- scientific researcher
- technical admin
- clinical admin
Most clinical settings should be covered by these user roles, but the set of roles can of course be expanded.