Identity Providers
Auth Service validates users through the identity provider configured for the deployment. Choose the provider before installation and keep Governance Studio, Auth Service, and deployment values aligned.
Supported Providers
Section titled “Supported Providers”| Provider | Notes |
|---|---|
| Keycloak | Supported for sign-in validation, role integration, token exchange, and Auth Service-issued refresh tokens. |
| Microsoft Entra | Supported for sign-in validation, role integration, token exchange, and Auth Service-issued refresh tokens. |
| Auth0 | Supported for sign-in validation and provider-issued user tokens. |
| Generic OIDC | Supported by Auth Service configuration for OIDC-compatible providers; deployment automation may require customer-specific values. |
Okta is not a documented v1.0.0 provider mode.
Provider Responsibilities
Section titled “Provider Responsibilities”The identity provider owns user authentication. Auth Service owns platform membership, role checks, API keys, service accounts, and platform signing workflows.
Operator Checklist
Section titled “Operator Checklist”- Confirm issuer, audience, client, and callback settings match the deployed environment.
- Confirm Governance Studio uses the same provider mode as Auth Service.
- Confirm users are assigned to the correct organization and projects after sign-in.
- Confirm token exchange is enabled only for Keycloak or Microsoft Entra deployments that need it.