Sign up with a free tenant on FoxIDs Cloud.
OR
Deploy and host FoxIDs yourself.
All development and test is free.
FoxIDs makes it easy to implement authentication and authorization in your websites and APIs. Seamlessly connect with industry security standards like OAuth 2.0, OpenID Connect and SAML 2.0, and integrate identity providers such as Microsoft Entra ID, Google and Facebook.
Use FoxIDs Cloud or host it yourself anywhere using Docker or Kubernetes (K8s).
Built by developers, for developers. Connect to FoxIDs no matter what language you code in or platform you build on.
As a company based in Denmark, we strictly adhere to the regulations imposed by GDPR. FoxIDs is 100% Made in Europe and fully GDPR compliant. Your data is hosted exclusively in the EU, so you always retain full control.
We believe an identity service should include all the features needed to build secure applications and APIs - without breaking the budget.
The source code for the full feature set should be available online.
The identity service should support both cloud and on-premises deployment and be available in Europe on FoxIDs Cloud at a low cost.
Anders Revsgaard
Founder, Application security expert
You can benefit from having FoxIDs as one single identity provider (IdP) when building applications. Development becomes simpler and more secure by using the same identity provider and security standards across all applications. Single sign-on is easier to achieve and APIs can be called securely from all applications.
FoxIDs then handles user authentication with username and password and optionally MFA, or transfers user IDs from users authenticated in an external identity provider such as Microsoft Entra ID, AD FS, IdentityServer, Google, Facebook or others supporting OpenID Connect or SAML 2.0.
The application can choose how the user should log in by setting an authentication method as a parameter in the URL and configure a custom identity and access management (IAM) sign-up experience.
You can use FoxIDs as a SAML 2.0 to OpenID Connect bridge, where FoxIDs handles the SAML 2.0 traffic to the external identity provider (IdP) and your application connects to FoxIDs with OpenID Connect. You basically only need to care about OpenID Connect; the SAML 2.0 connection is handled by FoxIDs.
SAML 2.0 is a tricky, old standard with shortcomings, so it is often a better choice to use OpenID Connect in your application.
It is common to have both OpenID Connect and SAML 2.0 applications in an enterprise architecture. You can connect both OpenID Connect and SAML 2.0 applications to FoxIDs and configure the same or different login experiences.
Both single sign-on (SSO) and single logout are supported across different types of applications. If a SAML 2.0 application needs to call an OAuth 2.0 secured API, the SAML 2.0 token can be exchanged for an access token for the API.
Tokens should be issued with least privileges. If an application needs to call multiple APIs or API groups, it is a good and secure approach to issue a separate access token for each API or API group. Use zero trust (never trust, always verify): validate that each API request is authenticated and authorized in the context of the calling client and the end-user.
Initially, a limited access token is issued. Its audience and scope grant only the right to exchange it, with token exchange, for access tokens to different APIs or API groups, each with specific audiences and scopes.
The initial access token can be issued on user authentication in an OpenID Connect application or with the client credentials grant in an OAuth 2.0 application, and can thereafter be exchanged for other access tokens.
It is recommended to pass the user's identity securely between APIs. With token exchange in an API, it is possible to issue an access token for another API and thereby call the next API in the context of the end-user.
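The token exchange flow described above, as an added Python example that is not FoxIDs code: it builds an RFC 8693 token exchange request and shows the audience, scope and client check an API makes before serving a request. The audience, scope and client names and the sample claims are constructed assumptions, and signature and issuer validation are assumed to have happened before `authorize` is called.

```python
import time
from urllib.parse import urlencode

# Grant type and token type URNs are defined in RFC 8693 (OAuth 2.0 Token Exchange).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(subject_token, audience, scopes):
    """Form body posted to the token endpoint to trade the limited initial
    token for an access token restricted to one API or API group."""
    return urlencode({
        "grant_type": GRANT_TYPE,
        "subject_token": subject_token,
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "audience": audience,
        "scope": " ".join(scopes),
    })


def authorize(claims, api_audience, required_scope, allowed_clients, now=None):
    """API-side check on already signature-verified claims.
    Returns (allowed, reason)."""
    now = time.time() if now is None else now
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)   # string or array
    if api_audience not in aud:
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    scope = claims.get("scope", "")
    scopes = scope.split() if isinstance(scope, str) else list(scope)
    if required_scope not in scopes:
        return False, "missing scope"
    if claims.get("client_id") not in allowed_clients:
        return False, "client not allowed"
    return True, "ok"


# Constructed sample claims: the initial token is only good for exchange,
# the exchanged token only for the hypothetical "orders-api".
INITIAL = {"aud": "token-exchange", "scope": "exchange", "sub": "user-1",
           "client_id": "web-app", "exp": 2000}
ORDERS = {"aud": ["orders-api"], "scope": "orders.read", "sub": "user-1",
          "client_id": "web-app", "exp": 2000}
```

Presenting `INITIAL` directly to the orders API fails on audience, which is what keeps the initial token useless anywhere except the token endpoint.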