End User Directory
The per-Team registry that issues and resolves end_user_id. Identity-only by design — it holds the platform-issued id, the source IdP claim, and minimal metadata. Nothing about the end user lives here.
The Directory is the foreign key, not a profile. Rows carry no facts, preferences, or behaviour. Anything an Agent knowsabout an end user lives in that Agent's Long-term Memory under the per-Agent recall boundary (ADR 0011) — never shared across Agents even when the end_user_id matches. Crossing a team boundary mints a fresh end_user_id; there is no platform-global identity.
- IdP
- Entra ID
- JWKS
https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys- Set by
- Priya Shah · Team Admin
- IdP
- Okta
- JWKS
https://claims.okta.com/oauth2/default/v1/keys- Set by
- Linnea Park · Team Admin
- Auth
- API key only — caller-supplied stable id
- Set by
- Dana Liu · Team Admin
Platform Admin floor: opaque-id. Opaque ID is the org-wide floor for internal/low-assurance teams. Regulated teams must require verified JWT; no team may go below this floor. A team may require a stronger claim mode than the floor — never a weaker one.
| end_user_id | Team | Claim mode | Source claim | First seen | Last seen | Status |
|---|---|---|---|---|---|---|
eu_cc91d3f0 | Customer Operations | verified-jwt Entra ID | sub:…a7f3-9c20 | 2026-02-18 | 2026-05-29 | active |
eu_77fa2c11 | Claims | verified-jwt Okta | sub:…1bd0-4e88 | 2026-03-02 | 2026-05-29 | active |
eu_8c2f4a1b | Customer Operations | verified-jwt Entra ID | sub:…f5c1-2a64 | 2026-01-29 | 2026-05-22 | deletion-pending |
eu_3f0a8d77 | Claims | verified-jwt Okta | sub:…0db2-77af | 2026-02-11 | 2026-04-30 | deletion-pending |
eu_b66c10a2 | Customer Operations | verified-jwt Entra ID | tombstone (subject deleted) | 2025-12-04 | 2026-04-03 | tombstoned |
eu_op_5521ab | Marketing Lab | opaque-id | prospect-9f21c (caller-supplied) | 2026-05-20 | 2026-05-29 | active |