Identity provider

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

An identity provider (abbreviated IdP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network.[1][2]

An identity provider offers user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.

An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites.”[3] SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface.

Types of identity providers[edit]

SAML identity provider[edit]

The Security Assertion Markup Language (SAML) is a set of profiles for exchanging authentication and authorization data across security domains. In the SAML domain model, an identity provider is a special type of authentication authority. Specifically, a SAML identity provider is a system entity that issues authentication assertions in conjunction with an SSO profile of SAML. A relying party that consumes these authentication assertions is called a SAML service provider.

OpenID provider[edit]

OpenID Connect (OIDC) is an identity layer on top of OAuth. In the domain model associated with OIDC, an identity provider is a special type of OAuth 2.0 authorization server. Specifically, a system entity called an OpenID Provider issues JSON-formatted identity tokens to OIDC relying parties via a RESTful HTTP API.

Examples of IdPs[edit]

  • Hitachi ID Password Manager: On-Prem and Cloud Based IDP (and SP) for Enterprise. IDP is SAMLv2. SP can also do OAuth. Various authentication options/combinations available.
  • SecureAuth Identity: On-Prem and Cloud Based IDP (and SP) for Enterprise, Adaptive Authentication
  • Ping Identity: On-Prem and Cloud Based IDP (and SP) for Enterprise, OIDC/SAML/OAuth
  • Cierge: Open source, provides email-based OIDC passwordless authentication
  • Keycloak: Open source, Java-based OIDC/SAML IdP
  • Auth0: Commercial OIDC IdP
  • Gluu: Commercial OIDC/SAML IdP
  • miniOrange: On-Premise and Cloud Based IDP (and SAML SP) for Enterprise, SAML/OAuth

See also[edit]


  1. ^ IdP (Identity Provider), Retrieved 25 July 2016.
  2. ^ Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, 2005, Retrieved 25 July 2016.
  3. ^ Identity Providers and Service Providers, Retrieved 25 July 2016.