Description

FoxIDs is an Identity Service (IDS) that automatically handles OAuth 2.0, OpenID Connect 1.0, and SAML 2.0 so you can deliver secure sign-in flows without running the underlying identity infrastructure yourself.

Hosted in Europe - Ownership and data remain in Europe.

Platform overview

  • Unified identity hub: Use FoxIDs as both an authentication platform and a federation broker. Bridge protocols by converting between OpenID Connect 1.0 and SAML 2.0 when needed.
  • Multi-tenant design: Each tenant can host multiple environments (for example prod, QA, test, dev or corporate, external-idp, app-a, app-b) and optionally interconnect them.
  • Per-environment security: Every environment is its own Identity Provider with a dedicated user repository and certificate. Connect to external IdPs using OpenID Connect 1.0 or SAML 2.0, and register applications with OAuth 2.0, OpenID Connect 1.0, or SAML 2.0.
  • Customisable experiences: Tailor the user login journey and optionally customise branding, texts, and behaviour per environment.

Explore the FoxIDs test configuration in FoxIDs Control: https://control.foxids.com/test-corp
Sign in with reader@foxids.com and password gEh#V6kSw for read-only access.

Services

  • FoxIDs: The runtime identity service that manages user authentication and the OAuth 2.0, OpenID Connect 1.0, and SAML 2.0 protocol flows.
  • FoxIDs Control: The administration surface available as a UI and API for configuring tenants, environments, connections, and applications.

Hosting options

  • FoxIDs Cloud (SaaS): Consume FoxIDs as a managed Identity Service at FoxIDs Cloud.
  • Self-hosted: Deploy FoxIDs yourself on IIS, Docker or Kubernetes (K8s) when you need full control over the hosting environment.

New to FoxIDs? Start with the get started guide.

Source code availability

The FoxIDs source code lives on GitHub. The license lets you install and use FoxIDs for non-production scenarios, and grants small companies, personal projects, and non-profit educational institutions the right to run FoxIDs in production.

Selection by URL

FoxIDs separates tenants, environments, and connections with a consistent URL structure.

  • Base host example: https://foxidsxxxx.com/
  • Tenant segment: https://foxidsxxxx.com/tenant-x/
  • Environment segment: https://foxidsxxxx.com/tenant-x/environment-y/
  • Application registration: https://foxidsxxxx.com/tenant-x/environment-y/application-z/
  • Authentication method: https://foxidsxxxx.com/tenant-x/environment-y/(auth-method-s)/

When FoxIDs handles a login sequence that results in a session cookie, the cookie stays scoped to the specific URL.

During OpenID Connect or SAML 2.0 flows, clients choose the authentication method by appending the method name in round brackets after the application registration name:
https://foxidsxxxx.com/tenant-x/environment-y/application-z(auth-method-s)/

Selecting multiple authentication methods:

  • Default: Allow every permitted authentication method with a star *:
    https://foxidsxxxx.com/tenant-x/environment-y/application-z(*)/
  • List: Pick up to four methods separated by commas:
    https://foxidsxxxx.com/tenant-x/environment-y/application-z(auth-method-s1,auth-method-s2,auth-method-s3,auth-method-s4)/
  • Profiles: Address a predefined authentication profile using +:
    https://foxidsxxxx.com/tenant-x/environment-y/application-z(auth-method-s+profile-u)/

Configure the permitted authentication methods inside each application registration.

A client using the client credentials grant does not have to specify the authentication method. The same applies when requesting an OpenID Connect discovery document or a SAML 2.0 metadata endpoint.

Your Privacy

We use cookies to make your experience of our websites better. Click the 'Accept all cookies' button to agree to the use of cookies. To opt out of non-essential cookies, click 'Necessary cookies only'.

Visit our Privacy Policy page for more