Documentation Index
Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt
Use this file to discover all available pages before exploring further.
What is an Identity Provider (IdP)?
The IdP, Identity-as-a-Service (IDaaS), Privileged Identity/Access Management (PIM/PAM), Multi-factor/Two-factor Authentication (MFA/2FA), and numerous other subcategories are included in the IAM category. IdP is a subset of an IAM solution that is dedicated to handling fundamental user IDs. The IdP serves as the authoritative source for defining and confirming user identities. The IdP can be considered maybe the most important subcategory of the IAM field because it often lays the foundation of an organization’s overall identity management infrastructure. In fact, other IAM categories and solutions, such as IDaaS, PIM/PAM, MFA/2FA, and others are often layered on top of the core IdP and serve to federate core user identities from the IdP to various endpoints. Therefore, your choice in IdP will have a profound influence on your overall IAM architecture.We recommend Keycloak, a component that allows you to create users and store credentials.Every communication that comes from a consumer application, goes through a public entry point (API Gateway). To communicate with this component, the consumer application tries to start a process and the public entry point will check for authentication (Keycloak will send you a token) and the entry point validates it.
Authorization split (5.8.0+): Keycloak is authoritative for authentication, user attributes (used by business filters), and federation with external IDPs. End-user roles, end-user groups, and project-scoped role assignment are managed in FlowX. See Runtime authorization.Up to 5.7.0, end-user groups were also managed in Keycloak.
For more information on how to add roles and how to configure an IdP solution, check the following section:
Configuring an IAM solution
Using Keycloak with an external IdP
Recommended keycloak version: 22.x
AD or LDAP provider
In Lightweight Directory Access Protocol (LDAP) and Active Directory, Keycloak functionality is called federation or external storage. Keycloak includes an LDAP/AD provider.