Identity provider

From Wikipedia, the free encyclopedia

An identity provider (abbreviated IdP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network.[1][2]

An identity provider offers user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.

An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites.”[3] SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface.

Types of Identity Providers

SAML Identity Provider

The Security Assertion Markup Language (SAML) is a set of profiles for exchanging authentication and authorization data across security domains. In the SAML domain model, an identity provider is a special type of authentication authority. Specifically, a SAML identity provider is a system entity that issues authentication assertions in conjunction with an SSO profile of SAML. A relying party that consumes these authentication assertions is called a SAML service provider.
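As an added illustration (not part of the article), the following Python shows the checks a SAML service provider performs when it consumes an authentication assertion of the kind just described: issuer, validity window, audience restriction and bearer subject confirmation. The assertion, the IdP and SP entity IDs, the ACS URL and the request ID are all constructed for this example. Verification of the assertion's XML signature is assumed to have been done first by an XML DSig library; it is not shown here, and without it none of the checks below mean anything.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed identifiers for this example (assumed, not from a real deployment).
IDP_ENTITY_ID = "https://idp.example.org/metadata"   # the IdP's entityID
SP_ENTITY_ID = "https://sp.example.com/metadata"     # this SP's entityID
SP_ACS_URL = "https://sp.example.com/saml/acs"       # this SP's assertion consumer URL

# A constructed, unsigned SAML 2.0 assertion of the shape an IdP issues for Web Browser SSO.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2016-07-25T12:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req-42"
          Recipient="https://sp.example.com/saml/acs" NotOnOrAfter="2016-07-25T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2016-07-25T11:59:00Z" NotOnOrAfter="2016-07-25T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2016-07-25T11:59:30Z"/>
</saml:Assertion>"""


def _parse_instant(value: str) -> datetime:
    """Parse the UTC xs:dateTime form SAML uses (e.g. 2016-07-25T12:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text: str, expected_request_id: str, now: datetime) -> str:
    """SP-side consumption checks. Returns the authenticated NameID or raises ValueError.
    Assumes the XML signature over the assertion has already been verified (not shown).
    A production SP should also parse with a hardened parser such as defusedxml."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("missing Conditions or NotOnOrAfter")
    not_before = cond.get("NotBefore")  # optional in SAML; enforce it when present
    if not_before is not None and now < _parse_instant(not_before):
        raise ValueError("assertion not yet valid")
    if now >= _parse_instant(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired")
    # Audience restriction: an assertion minted for another SP must not be accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not addressed to this SP")
    # Bearer confirmation: the assertion must be bound to this ACS and to a request we sent.
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        raise ValueError("missing SubjectConfirmationData")
    if scd.get("Recipient") != SP_ACS_URL:
        raise ValueError("wrong Recipient")
    if scd.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match an outstanding request")
    if scd.get("NotOnOrAfter") is None or now >= _parse_instant(scd.get("NotOnOrAfter")):
        raise ValueError("subject confirmation missing or expired")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    return name_id


def assertion_is_valid(xml_text: str, expected_request_id: str, now_utc: str) -> bool:
    """Convenience wrapper: True if check_assertion accepts the assertion at time now_utc."""
    try:
        check_assertion(xml_text, expected_request_id, _parse_instant(now_utc))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, "_req-42", _parse_instant("2016-07-25T12:01:00Z")))
```

The InResponseTo check is what ties the assertion to a request this SP actually issued; an SP that accepts IdP-initiated assertions has to replace it with a replay cache keyed on the assertion ID.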

OpenID Provider

OpenID Connect (OIDC) is an identity layer on top of OAuth 2.0. In the domain model associated with OIDC, an identity provider is a special type of OAuth 2.0 authorization server. Specifically, a system entity called an OpenID Provider issues JSON-formatted identity tokens to OIDC relying parties via a RESTful HTTP API.

Examples of IdPs

  • Cierge: Open source, provides email-based OIDC passwordless authentication
  • Keycloak: Open source, Java-based OIDC/SAML IdP
  • Auth0: Commercial OIDC IdP
  • Gluu: Commercial OIDC/SAML IdP

References

  1. ^ IdP (Identity Provider), Retrieved 25 July 2016.
  2. ^ Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, 2005, Retrieved 25 July 2016.
  3. ^ Identity Providers and Service Providers, Retrieved 25 July 2016.