Skip to content

Identity Providers

Auth Service validates users through the identity provider configured for the deployment. Choose the provider before installation and keep Governance Studio, Auth Service, and deployment values aligned.

ProviderNotes
KeycloakSupported for sign-in validation, role integration, token exchange, and Auth Service-issued refresh tokens.
Microsoft EntraSupported for sign-in validation, role integration, token exchange, and Auth Service-issued refresh tokens.
Auth0Supported for sign-in validation and provider-issued user tokens.
Generic OIDCSupported by Auth Service configuration for OIDC-compatible providers; deployment automation may require customer-specific values.

Okta is not a documented v1.0.0 provider mode.

The identity provider owns user authentication. Auth Service owns platform membership, role checks, API keys, service accounts, and platform signing workflows.

  • Confirm issuer, audience, client, and callback settings match the deployed environment.
  • Confirm Governance Studio uses the same provider mode as Auth Service.
  • Confirm users are assigned to the correct organization and projects after sign-in.
  • Confirm token exchange is enabled only for Keycloak or Microsoft Entra deployments that need it.