Get started

FoxIDs is available at or you can deploy FoxIDs in your Microsoft Azure tenant as your own private cloud. is deployed in Europe in Microsoft Azure Holland as an Identity Services (IDS) also called Identity as a Service (IDaaS).

  1. Register on, where you get access to your one FoxIDs tenant. The tenant will hold your organizations entire security service.
    You become the first admin user and you can add more admin users later on. You can optionally configure external trust in the master track to authorize external admin users.

FoxIDs Private Cloud

FoxIDs is open-source and you are free to deploy FoxIDs as your own private cloud in your Microsoft Azure tenant.

  1. Deploy FoxIDs in your Microsoft Azure tenant.
  2. After successfully deployment, login to the master tenant.
    You can create more admin users in the master tenant. You can optionally configure external trust to authorize external admin users.
  3. Create the tenant for your organizations security services. Applications, APIs and connections in general is configured in this tenant.
    You can create more admin users in the new tenants master track. You can optionally connect the master tenants master track to the new tenants master track to authorize admin users from the master tenant.

1) First login

You are presented with a list of your tracks when you login.

FoxIDs first login

The default tracks in a tenant:

  • master is the track responsible for access to the tenant and the subsequently tracks.
    The Control Client and Control API is configured in the master track and admin users is added to the master track. You should normally not add applications in the master track.
  • - (dash) is the production track holding your organizations production security service
  • test is a track meant for testing. You probably need more tracks for dev, test QA etc.

You can add and delete tracks as you wish including deleting the default - (dash) and test tasks.

2) Run the first application

You can e.g. start by configuring the first application in the test track, add test user(s) and login.

You can either configure your own application or configure the samples and run a sample application.

Add a test user to be able to login!

Add test user(s)

Select the test track and go to the Users tab to create a test user(s).

Test user

Then click Create User, fill out the page and click Create.

Create test user

Default login UI

In the test track go to the Parties tab and Up-parties subtab where you find the default login up-party which handles the user login and logout.

Login up-party

Configure your own application

In the test track go to the Parties tab and Down-parties subtab to configure your application.

A web based applications (client / relaying party) can be configured with OpenID Connect or SAML 2.0.

Down-party application

Add the default login as the allowed up-party in your down-party application.

It is possible to add more up-parties to federate with external Identity Providers (IdPs). Thereafter, a new up-party can be added to your down-party application.

Sample application

The sample applications can be found in the samples repository.

The samples contains a configuration seed tool which is used to configure all the samples in the test track or another track.

After successfully configuring the samples a good starting point is the AspNetCoreOidcAuthCodeAllUpPartiesSample web application.
You need to update the tenant and track configuration in the appsettings.json config file and thereafter the sample should work.