Identity Providers
Auth Service supports multiple identity providers through a common OIDC-based model. The active provider is selected through deployment configuration and must match the Governance Studio runtime configuration.
Supported Providers
Section titled “Supported Providers”| Provider | Use |
|---|---|
| Auth0 | Hosted identity provider with Actions used for token enrichment. |
| Microsoft Entra ID | Enterprise Microsoft identity provider with token exchange support. |
| Keycloak | Self-hosted identity provider with token exchange and user-management support. |
| Generic OIDC | Service-level OIDC integration for reviewed deployments that do not require the standard platform-managed user flows. |
Configuration Consistency
Section titled “Configuration Consistency”The selected provider must be configured consistently across:
- Auth Service server-side IDP settings.
- Governance Studio browser authentication settings.
- Identity-provider application registrations or clients.
- Redirect URIs and allowed origins.
- Service-account or machine-to-machine settings when worker flows are enabled.
Production Guidance
Section titled “Production Guidance”Use HTTPS issuer URLs in production and avoid development-only issuer or TLS verification bypass settings.
For the full Governance Platform release, use Auth0, Microsoft Entra ID, or Keycloak unless EQTY support has reviewed the exact generic OIDC claim mapping, membership behavior, and browser-login configuration.