Identity Provider (IdP)

An Identity Provider (IdP) is the system that authenticates users' identities and issues tokens or assertions that prove their identity to applications. It is the trusted broker that sits between a user and the applications they access, responsible for verifying 'you are who you claim to be.'

# WHAT TEAMS RUN INTO

  • If the IdP goes down or is compromised, access fails or becomes unverifiable across every federated application simultaneously.

  • Token compromise at the IdP spreads to every application instantly. A stolen signing key at the IdP can be used to forge valid tokens for any user.

  • IdP capabilities don't match application requirements. An app needs attribute-based access decisions, but the IdP only provides group membership assertions.

# WHY IT MATTERS

An IdP is a single point of trust and a single point of failure. It holds extraordinary power — the ability to assert the identity of anyone accessing your ecosystem. When an IdP issues a token, downstream applications have no choice but to trust it. That trust must be earned through strong security practices, because one compromised IdP credential can cascade across your entire application estate.
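The relying-party side of that trust, as an added example (not NewCore's or any IdP product's code): a token signed with a trusted key verifies no matter who held the key, so the application's only lever is which key ids it still trusts. Assumptions: HS256 stands in for the asymmetric signatures a real IdP would normally use, retiring a key id after rotation is an assumed mitigation the page does not describe, and the issuer, audience, key ids and keys are constructed values.

```python
import base64, hashlib, hmac, json

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key, kid, claims):
    """IdP side: sign the claims and label the token with the signing key's id."""
    head = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64(json.dumps(claims).encode())
    return head + "." + body + "." + _b64(_sign(key, head + "." + body))

def verify(token, trusted_keys, issuer, audience, now):
    """Relying-party side: return the claims or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        alg, kid, signature = header["alg"], header["kid"], _unb64(sig)
        iss, aud, exp = claims["iss"], claims["aud"], float(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # The algorithm is pinned by the application; the token only selects a key id.
    if alg != "HS256" or not isinstance(kid, str) or kid not in trusted_keys:
        raise ValueError("unexpected alg or untrusted/retired kid")
    if not hmac.compare_digest(signature, _sign(trusted_keys[kid], head + "." + body)):
        raise ValueError("bad signature")
    if iss != issuer or aud != audience or exp <= now:
        raise ValueError("wrong issuer/audience or expired")
    return claims

# Constructed sample values (hypothetical issuer, audience, clock and keys).
ISS, AUD, NOW = "https://idp.example", "payroll-app", 1_700_000_000
OLD_KEY, NEW_KEY = b"constructed-old-key", b"constructed-new-key"

def rotation_demo():
    """A token signed with the old key: valid while k1 is trusted, rejected once retired."""
    token = issue(OLD_KEY, "k1", {"iss": ISS, "aud": AUD, "sub": "alice", "exp": NOW + 300})
    accepted = verify(token, {"k1": OLD_KEY}, ISS, AUD, NOW)["sub"]
    try:
        verify(token, {"k2": NEW_KEY}, ISS, AUD, NOW)
        after_rotation = "accepted"
    except ValueError as exc:
        after_rotation = str(exc)
    return accepted, after_rotation
```

Nothing in `verify` can tell who produced a signature, which is why every unexpired token under a suspect key id has to be invalidated by removing that id from the trusted set.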
