How to connect

FoxIDs becomes an IdP by registering an application that you connect to your applications and APIs. External IdPs are connected with authentication methods.

By configuring a SAML 2.0 authentication method and an OpenID Connect application, FoxIDs becomes a bridge between SAML 2.0 and OpenID Connect and automatically converts SAML 2.0 claims to JWT (OAuth 2.0) claims.
FoxIDs handles the SAML 2.0 connection so your application only needs to care about OpenID Connect. You can select multiple authentication methods for the same OpenID Connect application to offer users different sign-in options.

How to connect with applications and authentication methods

If needed you can connect two FoxIDs environments.

Take a look at the FoxIDs test connections in FoxIDs Control: https://control.foxids.com/test-corp
Get read access with the user reader@foxids.com and password gEh#V6kSw

How to connect OpenID Provider / Identity Provider

An external OpenID Provider (OP) / Identity Provider (IdP) can be connected with an OpenID Connect or SAML 2.0 authentication method.

All IdPs supporting either OpenID Connect or SAML 2.0 can be connected to FoxIDs. The following are how-to guides for common IdPs; more guides will be added over time.

OpenID Connect

Configure OpenID Connect to trust an external OpenID Provider (OP) - an Identity Provider (IdP) is called an OpenID Provider (OP) if configured with OpenID Connect.

Always request the sub claim, even if you only plan to use the email claim or another custom user ID claim.

How to guides:

SAML 2.0

Configure SAML 2.0 to trust an external Identity Provider (IdP).

Always request the NameID claim, even if you primarily use the email (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress) claim or another custom user ID claim. SAML 2.0 logout requires NameID.
Prefer metadata-driven configuration so the customer's IdP can automatically download certificate(s). When possible, ask the customer for a live IdP metadata endpoint.
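
A pre-flight check for the two rules above (always request sub for OpenID Connect, always request NameID for SAML 2.0), as an added example that is not FoxIDs code: it inspects a test assertion and a test ID token captured during connection setup and reports which user ID claims are present. The function names and sample values are assumptions constructed for illustration, and nothing here verifies signatures, so it is for setup diagnostics only.

```python
import base64
import json
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_saml_assertion(xml_text):
    """Report which user ID claims a test assertion carries (no signature check)."""
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    emails = [v.text for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == EMAIL_CLAIM
              for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    has_name_id = name_id is not None and bool((name_id.text or "").strip())
    return {"name_id": name_id.text.strip() if has_name_id else None,
            "email": emails[0] if emails else None,
            "logout_possible": has_name_id}  # SAML 2.0 logout requires NameID

def check_id_token(id_token):
    """Decode the payload of a test ID token without verifying it and look for sub."""
    payload = id_token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return {"sub": claims.get("sub"), "email": claims.get("email"),
            "has_sub": bool(claims.get("sub"))}

def _b64(obj):  # helper used only to build the constructed sample tokens
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed samples: an assertion that releases only the email attribute,
# the same assertion with a NameID, and two unsigned test ID tokens.
ASSERTION_EMAIL_ONLY = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject/>
  <saml:AttributeStatement><saml:Attribute Name="{EMAIL_CLAIM}">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""
ASSERTION_WITH_NAMEID = ASSERTION_EMAIL_ONLY.replace(
    "<saml:Subject/>", "<saml:Subject><saml:NameID>a1b2c3</saml:NameID></saml:Subject>")
TOKEN_EMAIL_ONLY = ".".join([_b64({"alg": "none"}), _b64({"email": "alice@example.com"}), ""])
TOKEN_WITH_SUB = ".".join(
    [_b64({"alg": "none"}), _b64({"sub": "a1b2c3", "email": "alice@example.com"}), ""])

if __name__ == "__main__":
    for label, result in [("SAML, email only", check_saml_assertion(ASSERTION_EMAIL_ONLY)),
                          ("SAML, with NameID", check_saml_assertion(ASSERTION_WITH_NAMEID)),
                          ("OIDC, email only", check_id_token(TOKEN_EMAIL_ONLY)),
                          ("OIDC, with sub", check_id_token(TOKEN_WITH_SUB))]:
        print(f"{label}: {result}")
```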

How to guides:

Verified platforms

List of customer-verified platforms.

How to connect applications

When you register an application with either OpenID Connect or SAML 2.0, FoxIDs becomes an OpenID Provider (OP) / Identity Provider (IdP). You most often connect applications and APIs, but an application registration can also issue tokens to an external system where that system is the relying party (RP).

OpenID Connect and OAuth 2.0

It is recommended to secure applications and APIs with OpenID Connect and OAuth 2.0. Please see the samples.

How to guides:

SAML 2.0

Configure SAML 2.0 to be an Identity Provider (IdP).

How to guides:

Connect FoxIDs environments

It is possible to interconnect FoxIDs environments with an Environment Link or OpenID Connect.

You can connect two environments in the same tenant with an Environment Link. Environment Links are fast and secure, but they can only be used to connect within a tenant.
Use Environment Link if you need to connect environments in the same tenant.

You can connect two environments in the same or different tenants with OpenID Connect. The configuration is more complex than using an Environment Link. OpenID Connect is secure and can connect all environments regardless of tenant. There is essentially no difference between external OpenID Connect connections and internal connections used between environments.
