What is FoxIDs?
FoxIDs is a Identity Services that easily allows you to implement Identity Management on your websites against a variety of industry standards (OAuth 2.0, OpenID Connect and SAML 2.0) and services like Microsoft, Google and Facebook, etc.
Use FoxIDs as a Service (SaaS) or Host it yourself anywhere using Docker or Kubernetes (K8s).
Trusted by
Connect and orchestrate everything!
A tenant is a container, and once you have created your tenant, it's all about environments. Each environment is an Identity Provider (IdP) and it is independent of all the other environments. You build your IdP and configure your applications and authentication methods in an environment.
Connect environments to compose elements and connections. Support multiple login scenarios and transform user claims as needed.
Customize the user log in with multi-language support.
Authenticate with the user repository in an environment and optionally require MFA.
FoxIDs.com SaaS
Create a tenant with pre-configured test and production environments. You can add more environments as you like.
Get started for free with a Free plan.
Self-Hosted
Deploy via easy-to-use deployment script in a Azure App Service Container, with Docker or in a Kubernetes (K8s) cluster on-premises or with any Cloud Vendor providing Kubernetes support.
Free for development, testing, small companies, including personal projects and non-profit educational institutions.
Environments and thus a User Stores | 3 |
5
Up to 10, price |
10
Unlimited, price |
---|---|---|---|
Custom Domain | |||
Applications and APIs
Web Application (OpenID Connect) Web Application (SAML 2.0) Single Page Application (OpenID Connect) Native Application (OpenID Connect) Backend Service Application (OAuth 2.0 Client) API (OAuth 2.0 Resource) Token Exchange (OAuth 2.0) |
|||
Client Authentication Methods
Client Secret Basic Client Secret Post Private Key JWT |
|||
Authentication Methods
User Login UI OpenID Provider (OpenID Connect) Identity Provider (SAML 2.0) Token Exchange Trust (OpenID Connect) Token Exchange Trust (SAML 2.0) Token Exchange Trust (OAuth 2.0) Environment Link |
|||
Customize UI and Language | |||
Claim Transformations | |||
Key Vault Managed Certificates |
3
Up to 10, price |
3
Unlimited, price |
|
Two-Factor Authentication (2FA/MFA) | |||
Users | 1,000 |
1,000
Unlimited, price |
1,000
Unlimited, price |
Authentications(1) per month | 5,000 |
5,000
Unlimited, price |
5,000
Unlimited, price |
Token Requests(2) per month | 5,000 |
5,000
Unlimited, price |
5,000
Unlimited, price |
Control API Reads per month | 5,000 |
5,000
Unlimited, price |
5,000
Unlimited, price |
Control API Updates per month | 1,000 |
1,000
Unlimited, price |
1,000
Unlimited, price |
SLA - Status | 98% | 99.9% | |
Log Retention | 30 days | 30 days | 180 days |
Prioritized Email Support | |||
Consultants | Billed per 30 minutes | Billed per 30 minutes | Billed per 15 minutes with a 10% discount |
Developer Q&A on Stack Overflow with tag 'foxids' |
If you are in EU outside Denmark, please provide the VAT number to avoid VAT. There is no VAT if you are outside EU. In Denmark the VAT is 25%.
All pricing in Euro.
Consultants are billed per 30 minutes at an hourly rate of €250.
Feel free to contact us at [email protected], and please write us if you want to change plan.
1) Logins is counted for each environment and therefore counted multiple times in connected environments. Logins is furthermore rated higher if additional logging is enabled.
2) Token requests is counted in each environment. Token requests can be counted multiple times in connected environments with OpenID Connect. Token requests is furthermore rated higher if additional logging is enabled.
Source code license.
Self-hosting Deployments | 1 | 5 | Unlimited |
---|---|---|---|
Production tenants | 1 | 5 | Unlimited |
Environments and thus a User Stores | 5 | Unlimited | Unlimited |
Docker / Kubernetes (K8s) | |||
Database | MongoDB, CosmosDB (only Azure hosting) or PostgreSql | ||
Cache | Redis or database | ||
Certificates and secrets store | Database or Key Vault (only Azure hosting) | ||
Custom Domain | |||
Applications and APIs
Web Application (OpenID Connect) Web Application (SAML 2.0) Single Page Application (OpenID Connect) Native Application (OpenID Connect) Backend Service Application (OAuth 2.0 Client) API (OAuth 2.0 Resource) Token Exchange (OAuth 2.0) |
|||
Client Authentication Methods
Client Secret Basic Client Secret Post Private Key JWT |
|||
Authentication Methods
User Login UI OpenID Provider (OpenID Connect) Identity Provider (SAML 2.0) Token Exchange Trust (OpenID Connect) Token Exchange Trust (SAML 2.0) Token Exchange Trust (OAuth 2.0) Environment Link |
|||
Customize UI and Language | |||
Claim Transformations | |||
Two-Factor Authentication (2FA/MFA) | |||
Users | Unlimited | Unlimited | Unlimited |
Authentications per month | Unlimited | Unlimited | Unlimited |
Token Requests per month | Unlimited | Unlimited | Unlimited |
Control API Reads per month | Unlimited | Unlimited | Unlimited |
Control API Updates per month | Unlimited | Unlimited | Unlimited |
Log | |||
Prioritized Email Support | |||
Consultants | Billed per 30 minutes | Billed per 30 minutes | Billed per 15 minutes with a 10% discount |
Developer Q&A on Stack Overflow with tag 'foxids' |
If you are in EU outside Denmark, please provide the VAT number to avoid VAT. There is no VAT if you are outside EU. In Denmark the VAT is 25%.
All pricing in Euro.
Consultants are billed per 30 minutes at an hourly rate of €250.
Feel free to contact us at [email protected].
Why did we develop FoxIDs?
An identity service should include all necessary features to make secure applications and APIs and yet be affordable.
The source code for the full feature set should be available.
The identity service should support both cloud and on-premises deployment and be available on FoxIDs.com as SaaS
with close to full feature set in all plans at a low cost.
Authentication platform with MFA and support for OAuth 2.0, OpenID Connect and SAML 2.0.
SAML 2.0 to OpenID Connect bridge.
Create a tenant and use FoxIDs as a Service (SaaS).
Deploy with Docker or Kubernetes on-premises or with any Cloud Vendor providing Kubernetes support.
Features and functions
A look at what's possible with FoxIDs
One single Identity Provider
You can benefit from having FoxIDs as one single identity provider when building applications. Development becomes simpler and more secure by using the same identity provider and security standards across all applications. Single sign-on is easier to achieve and APIs can be called securely from all applications.
FoxIDs will then handle user authentication with username+password and optionally MFA or transfer user ID's from users authenticated in an external identity provider such as Microsoft Entra ID (Azure AD), AD FS, IdentityServer, Google or Facebook or others supporting OpenID Connect or SAML 2.0.
The application can choose how the user should log in by setting a authentication method as a parameter in the URL.
OpenID Connect and SAML 2.0 applications
It is a common scenario to have OpenID Connect and SAML 2.0 applications in a enterprise architecture. You can connect both OpenID Connect and SAML 2.0 applications to FoxIDs and configure shared or separate login experiences.
Both single sign-on (SSO) and single logout is supported across different types of applications. And if a SAML 2.0 application needs to call an OAuth 2.0 secured API the SAML 2.0 token can be exchanged to an access token for the API.
Token Exchange
Tokens should be issued with lease privileges. If an application needs to call multiple APIs or API groups it is a good and secure approach to issue a separate access token for each API or API group. Use zero trust (never trust, always verify), validate that each API request is authenticated and authorized in context of the calling client and the end-user.
Initially a limited access token is issued which is granted access (with audience and scope) to be exchanged with token exchange to different API / API group access tokens with specific audiences and scopes.
The initial access token can be issued on user authentication in an OpenID Connect application or with client credentials grant in an OAuth 2.0 application.
And thereafter be exchanged to other access tokens.
It is recommended to pass the user's identity securely between APIs. With token exchange in an API, it is possible to issue an access token to another API and thereby calling the next API in the context of the end-user.
SAML 2.0 to OpenID Connect bridge
You can use FoxIDs as a SAML 2.0 to OpenID Connect bridge. Where FoxIDs handles the SAML 2.0 traffic to the external Identity Provider (IdP) and your application connects to FoxIDs with OpenID Connect. You basically only need care about OpenID Connect, the SAML 2.0 connection is handled by FoxIDs.
SAML 2.0 is tricky and an old standard with its shortcomings, and therefore it is often a better choice to use OpenID Connect in your application.
NemLog-in or Context Handler to OpenID Connect bridge
You can connect FoxIDs to NemLog-in (Danish IdP) or Context Handler (Danish identity broker, Fælleskommunal Adgangsstyring) without worrying about the complexity. FoxIDs handles everything related to the OIOSAML3 / SAML 2.0 connection and translate to OpenID Connect. The Danish privilege claim with a base64-decoded XML value can also be transfers to a claim with a readable JSON value.
Your application and possible API is then to connect to FoxIDs with OpenID Connect and OAuth 2.0, and the developer doesn't have to worry much about NemLog-in or Context Handler and all the requirements.