> ## Documentation Index
> Fetch the complete documentation index at: https://docs.agentfront.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication & Authorization

> Three-tier auth model from public access to full OAuth 2.1 orchestration

FrontMCP implements a flexible **three-tier authentication system**. Choose the right level for each deployment scenario — from open development servers to production multi-tenant systems.

| Mode             | How It Works                            | Best For                                    |
| ---------------- | --------------------------------------- | ------------------------------------------- |
| **Public**       | No auth required, anonymous sessions    | Development, testing, public APIs           |
| **Transparent**  | Pass-through tokens from external IdPs  | Existing Auth0, Okta, Azure AD setups       |
| **Orchestrated** | Full OAuth 2.1 server (local or remote) | Multi-app, federated auth, progressive auth |

<CardGroup cols={3}>
  <Card title="Auth Overview" icon="shield-check" href="/frontmcp/authentication/overview">
    Complete authentication guide
  </Card>

  <Card title="Auth Modes" icon="layer-group" href="/frontmcp/authentication/modes">
    Deep dive into all three modes
  </Card>

  <Card title="Progressive Auth" icon="stairs" href="/frontmcp/authentication/progressive">
    On-demand scope elevation
  </Card>

  <Card title="CIMD" icon="fingerprint" href="/frontmcp/authentication/cimd">
    Multi-account disambiguation
  </Card>

  <Card title="Local OAuth" icon="house" href="/frontmcp/authentication/local">
    Built-in OAuth 2.1 server
  </Card>

  <Card title="Remote OAuth" icon="cloud" href="/frontmcp/authentication/remote">
    External IdP integration
  </Card>
</CardGroup>
