Skip to content

Identity Providers

Auth Service supports multiple identity providers through a common OIDC-based model. The active provider is selected through deployment configuration and must match the Governance Studio runtime configuration.

ProviderUse
Auth0Hosted identity provider with Actions used for token enrichment.
Microsoft Entra IDEnterprise Microsoft identity provider with token exchange support.
KeycloakSelf-hosted identity provider with token exchange and user-management support.
Generic OIDCService-level OIDC integration for reviewed deployments that do not require the standard platform-managed user flows.

The selected provider must be configured consistently across:

  • Auth Service server-side IDP settings.
  • Governance Studio browser authentication settings.
  • Identity-provider application registrations or clients.
  • Redirect URIs and allowed origins.
  • Service-account or machine-to-machine settings when worker flows are enabled.

Use HTTPS issuer URLs in production and avoid development-only issuer or TLS verification bypass settings.

For the full Governance Platform release, use Auth0, Microsoft Entra ID, or Keycloak unless EQTY support has reviewed the exact generic OIDC claim mapping, membership behavior, and browser-login configuration.