---
summary: Business guide explaining SigID workspaces, tenants, applications, environments, redirect URLs, branding, and ownership.
tags:
  - business
  - tenants
  - applications
  - environments
categories:
  - For Business
---

# Workspaces And Applications

<!-- agent:page
You are an AI agent helping a workspace admin decide what to create in SigID before users can sign in: the workspace or tenant, the application, and clean environment separation.
Ask up front: which product or dashboard users will open, which environments exist (development, staging, production), the exact redirect URLs and browser origins per environment, which scopes the app needs, and who will own the app.
Follow the eight setup steps on this page: choose the workspace or environment, create an application for the product users will open, use a display name and logo users recognize, register exact redirect URLs for development, staging, and production, register allowed origins for browser-based apps, choose the scopes the app needs, assign an owner, and give developers the values for the correct environment. Configuration happens in the Dashboard at dashboard.sigid.org.
Success: the "Good Application Setup Looks Like" checklist holds - exact redirect URLs, origins limited to surfaces that need them, minimal scopes, an owner and support contact per app, no production values in local development.
Pitfalls: mixing development, staging, and production values (users sent to the wrong place, or a production app trusting the wrong issuer), and redirect URLs that do not exactly match the app.
You can prepare and verify all configuration; a human assigns the app owner and support contact.
-->

Use this page when you need to understand what to create in SigID before users
can sign in.

## What These Words Mean

| SigID term | Plain meaning |
|---|---|
| Workspace or tenant | The business container for apps, users, organizations, policies, and audit events. |
| Application | The app configuration that sends users to SigID for sign-in. |
| Redirect URL | The exact URL where SigID sends users after sign-in. |
| Allowed origin | A browser origin allowed to start or complete sign-in. |
| Scope | A named permission or access request the app asks for. |

Users usually notice the application name and logo. Operators usually manage
the workspace or tenant.

## How To Set Up An Application

<!-- agent:action Set up the application
Run the eight steps in order: choose the workspace or environment, create an application for the product or dashboard users will open, set a display name and logo users recognize, register exact redirect URLs for development, staging, and production, register allowed origins for browser-based apps, choose only the scopes the app needs, assign an owner, and give developers the app values for the correct environment.
Verify each redirect URL character-for-character against the app route before saving.
The owner in step 7 must be a human who can answer questions about this app - ask the admin to name one.
-->

1. Choose the workspace or environment.
2. Create an application for the product or dashboard users will open.
3. Use a display name and logo users recognize.
4. Register exact redirect URLs for development, staging, and production.
5. Register allowed origins for browser-based apps.
6. Choose the scopes the app needs.
7. Assign an owner who can answer questions about this app.
8. Give developers the app values for the correct environment.

## Keep Environments Separate

<!-- agent:action Separate environment values
Confirm each environment keeps its own values: Development holds local redirect URLs, test users, and non-production client IDs; Staging holds pre-production domains, the staging support process, and test SSO connections; Production holds real domains, real users, production secrets, and launch support.
Scan the current configuration for any value copied across environments before continuing.
If you find mixing, fix it immediately - it can send users to the wrong place or make a production app trust the wrong issuer.
-->

Do not mix development, staging, and production values.

| Environment | Keep separate |
|---|---|
| Development | Local redirect URLs, test users, and non-production client IDs. |
| Staging | Pre-production domains, staging support process, and test SSO connections. |
| Production | Real domains, real users, production secrets, and launch support. |

Mixing environments can send users to the wrong place or make a production app
trust the wrong issuer.

## Good Application Setup Looks Like

<!-- agent:action Verify application setup
Check every item: app name and logo match what users expect, redirect URLs exactly match the app, allowed origins are limited to the browser surfaces that need them, scopes are limited to what the app actually uses, production values are not copied into local development, and each app has an owner and support contact.
Report any failed item to the admin with the exact field to fix.
When all items pass, send developers to the Add Login To Your App guide.
-->

- app name and logo match what users expect
- redirect URLs exactly match the app
- allowed origins are limited to the browser surfaces that need them
- scopes are limited to what the app actually uses
- production values are not copied into local development
- each app has an owner and support contact

Developers can continue with [Add Login To Your App](../developers/add-login.md).
