Logo Logo
GitHub Designed by Logto

What is an identity provider (IdP)?

In the realm of Identity and access management (IAM) , an identity provider (IdP) is the central service for managing identities. It is responsible for authenticating users, issuing identity tokens, and providing user information to service providers (e.g., applications, services, APIs).

In addtion to Authentication , modern identity providers are also responsible for Authorization (enforcing Access control policies) and supporting advanced features like Single sign-on (SSO) and Multi-tenancy .

Identity provider standards

Due to the nature of identity management and the need for interoperability, it will be impractical and inefficient to build identity providers without standards. Here are some typical scenarios:

  • Two identity providers need to communicate with each other to exchange user information (e.g., social login).
  • An application needs to authenticate users using multiple identity providers (e.g., federated identity).
  • An identity provider needs to support multiple types of clients (e.g., web, mobile, IoT).

To address these scenarios, the industry has developed several popular standards for identity providers:

For new applications, OpenID Connect (OIDC) is the recommended standard to use either for building an identity provider or integrating with existing identity providers.

Identity provider architecture

The term “identity provider” does not specify a particular architecture or implementation. That is to say, an identity provider can also be a monolithic application, a microservice, or a cloud service.

Due to the complexity and criticality of identity management, modern applications tend to use specialized identity providers that are standalone services or vendor solutions.

Identity provider features

Modern identity providers offer a wide range of features to support various use cases and requirements. Here are some common features:

See also