Deployment Identity Providers
The deployment chart documents Auth0, Microsoft Entra, and Keycloak as supported customer identity provider choices for Governance Platform.
Provider Responsibilities
Section titled “Provider Responsibilities”The identity provider handles user sign-in. Auth Service validates identities, manages platform membership and roles, and supplies authorization context to platform services.
Provider Notes
Section titled “Provider Notes”- Auth0 supports provider-issued user tokens for platform sign-in.
- Microsoft Entra supports provider-issued user tokens and Auth Service token exchange when configured.
- Keycloak supports provider-issued user tokens and Auth Service token exchange when configured.
Okta is not a documented v1.0.0 deployment provider.
Configuration Checks
Section titled “Configuration Checks”- Callback and logout URLs match the deployed Governance Studio domain.
- Issuer and audience settings match Auth Service configuration.
- Test users can sign in and receive the expected project membership.
- Token exchange is enabled only for Microsoft Entra or Keycloak deployments that require it.