Developed in Denmark and hosted in Netherlands, ownership and data is kept in Europe.
FoxIDs is designed as a container with multi-tenant support. Your tenant holds your tracks which correspond to your environments (prod, QA, test, dev) and other elements.
Each track is an Identity Provider with a user repository, a unique certificate and connections.
Connections to external Identity Provider is configured as OpenID Connect 1.0 or SAML 2.0 up-parties where applications and APIs is configured as OAuth 2.0, OpenID Connect 1.0 or SAML 2.0 down-parties.
The users login experience is configured as an up-party.
FoxIDs consist of two services:
- The identity service which in short is called FoxIDs. The service handles user login and all other security traffic.
- The configuration service FoxIDs Control is used to configure FoxIDs in a user interface (FoxIDs Control Client) or by calling an API (FoxIDs Control API).
FoxIDs can be deployed and used by a single company or deployed as a shared cloud container and used by multiple organisations. You can select to use a shared cloud or a private cloud setup.
- FoxIDs SaaS is available at FoxIDs.com as an Identity Services (IDS) also called Identity as a Service (IDaaS).
FoxIDs.com is hosted in Europe and mainly in Microsoft Azure Holland, Netherlands.
- You are free to deploy FoxIDs as your own private cloud on Microsoft Azure.
For more information please see the get started guide.
Free and Open-Source
FoxIDs is free and open-source, see the GitHub repository.
The license grant all (individuals, companies etc.) the right to use FoxIDs for free. The license only restricts reselling FoxIDs as a IDaaS to third parties, without a supplementary agreement. You are free to use FoxIDs as a IDaaS for you own products.
Selection by URL
If FoxIDs is hosted on e.g.,
https://foxidsxxxx.com/ the tenants are separated in the first path element of the URL
The tracks are separated under each tenant in the second path element of the URL
A down-party is call by adding the down-party name as the third path element in the URL
A up-party is call by adding the up-party name insight round brackets as the third path element in the URL
If FoxIDs handles a up-party sequence resulting in a session cookie the same URL notation is used to lock the cookie to the URL.
When a client (application) starts an OpenID Connect or SAML 2.0 login sequence it needs to specify by which up-party the user should authenticate.
The up-party is selected by adding the up-party name in round brackets in the URLs third path element after the down-party name
Selecting multiple up-parties:
- Select all allowed up-parties for a down-party by adding a star in round brackets in the URL after the down-party name
- Select a maximum of 4 allowed up-parties for a down-party by adding the up-parties as a comma separated list in round brackets
in the URL after the down-party name
The allowed up-parties is configured in each down-party.
A client using client credentials as authorization grant would not specify the up-party. It is likewise optional to specify the up-party when calling an OpenID Connect discovery document or a SAML 2.0 metadata endpoint.