At a high level, these categories form the core building blocks of Lumos API. They work together to provide a single pane of glass for onboarding new applications, granting users the right access, managing vendor contracts, and ensuring system-wide visibility.

📦 Apps – A central directory of all the SaaS, on-premise and custom tools and services that your organization uses, tying each to relevant configuration and lifecycle statuses (e.g., discovered vs. approved). This ensures that everyone—from individual employees to IT administrators—can reference an authoritative list of what software is available or deprecated.

👤 Users – The people within your org, each with a unique profile that can be synced from your HRIS or identity provider. By unifying user data here, you can manage hire-to-retire processes smoothly, automatically provisioning new hires or suspending accounts for offboarded employees.

🔒 Accounts – Link each user to the Apps they access. Accounts store details like email, role, status, and last login—giving you a real-time picture of who has access to what, as well as enabling quick audits or auto-deprovisioning.

👥 Groups – Logical collections of users—such as by department or role—that streamline bulk access and approvals. When a user joins a “Sales” group, for instance, Lumos can automatically grant them relevant SaaS accounts and permissions in tools like Salesforce or HubSpot.

🛍️ AppStore – An internal “storefront” where employees can discover and request (or self-provision) the Apps or specific Permissions they need. Pre-approval rules, multi-stage approvals, and time-based access options help you implement a just-in-time approach to authorization, reducing friction while maintaining security.

💼 Vendors – Centralize contract and spend management by uploading documents, quotes, renewal dates, and other procurement details. This makes it simpler to see how many seats you’re paying for, when a contract expires, or whether you’re nearing an auto-renewal window.

🛠️ System – Cross-cutting functionality for logs, health checks, and inbound webhooks. Activity logs give a complete audit trail of who requested access, who approved it, and which system performed provisioning. Health endpoints let you confirm the API is up, while webhooks can integrate with external tools (e.g., Airbase, custom provisioning flows).

In practice, these categories ensure a seamless experience: a new Sales Manager is created in Users, automatically placed in Groups, surfaced the right Apps in the AppStore, which then provisions Accounts based on group-based or pre-approved settings.

Vendor agreements can be referenced via Vendors to ensure license availability and cost tracking. Finally, all relevant changes are recorded in System logs for compliance and auditing. By tapping into these complementary endpoints, organizations can automate and secure user access while maintaining end-to-end oversight across their Identity Governance and SaaS ecosystem.