How to connect

FoxIDs becomes an IdP when you register an application, which is where you connect your applications and APIs. External IdPs are connected with authentication methods.

By configuring a SAML 2.0 authentication method and an OpenID Connect application, FoxIDs becomes a bridge between SAML 2.0 and OpenID Connect and automatically converts SAML 2.0 claims to JWT (OAuth 2.0) claims.
FoxIDs then handles the SAML 2.0 connection, and you only need to care about OpenID Connect in your application. If needed, you can select multiple authentication methods from the same OpenID Connect application.

How to connect with applications and authentication methods

If needed you can connect two FoxIDs environments.

Take a look at the FoxIDs test connections in FoxIDs Control: https://control.foxids.com/test-corp
Get read access with the user reader@foxids.com and password TestAccess!

How to connect OpenID Provider / Identity Provider

An external OpenID Provider (OP) / Identity Provider (IdP) can be connected with an OpenID Connect or SAML 2.0 authentication method.

All IdPs supporting either OpenID Connect or SAML 2.0 can be connected to FoxIDs. The following are how-to guides for some IdPs; more guides will be added over time.

OpenID Connect

Configure OpenID Connect to trust an external OpenID Provider (OP). An Identity Provider (IdP) is called an OpenID Provider (OP) if it is configured with OpenID Connect.

You should always ask for the sub claim, even if you only use the email claim or, for example, another custom user ID claim.

How to guides:

SAML 2.0

Configure SAML 2.0 to trust an external Identity Provider (IdP).

You should always ask for the NameID claim, even if you only use the email (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress) claim or, for example, another custom user ID claim. SAML 2.0 cannot perform logout without the NameID claim.
You should prefer to set up SAML 2.0 connections using the authentication method's metadata, so that the customer's IdP can automatically download the certificate(s). Likewise, request online IdP metadata from the customer.
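
The NameID requirement above can be checked against a test assertion from the customer's IdP. The following is an added example, not FoxIDs code or part of the original guide: a Python check that reports whether an assertion carries a NameID and the email claim. The assertion XML, the idp.example.test issuer and the check_identity_claims function are constructed for illustration, and the assertion is assumed to have already passed signature validation in the SAML stack.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample assertion (not real IdP output); the signature is omitted.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">u-7f3a9c</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}">
      <saml:AttributeValue>alice@example.test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed variant: Subject removed, as sent by an IdP that releases only the email.
_subject = SAMPLE_ASSERTION[SAMPLE_ASSERTION.index("  <saml:Subject>"):SAMPLE_ASSERTION.index("  <saml:AttributeStatement>")]
EMAIL_ONLY_ASSERTION = SAMPLE_ASSERTION.replace(_subject, "")


def check_identity_claims(assertion_xml: str) -> dict:
    """Report which user identifiers an assertion carries and what is missing."""
    # Assumption: signature, audience and validity were already verified upstream.
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    has_name_id = name_id is not None and bool((name_id.text or "").strip())
    email = None
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            value = attr.find("saml:AttributeValue", NS)
            email = value.text.strip() if value is not None and value.text else None
    problems = []
    if not has_name_id:
        problems.append("NameID missing: SAML 2.0 logout cannot be performed")
    if email is None:
        problems.append("email claim missing")
    return {
        "name_id": name_id.text.strip() if has_name_id else None,
        "email": email,
        "can_logout": has_name_id,
        "problems": problems,
    }

if __name__ == "__main__":
    for xml_doc in (SAMPLE_ASSERTION, EMAIL_ONLY_ASSERTION):
        print(check_identity_claims(xml_doc))
```

The email-only assertion still identifies the user, but the check flags it because a logout request cannot be built without the NameID.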

How to guides:

How to connect applications

When you register an application with either OpenID Connect or SAML 2.0, FoxIDs becomes an OpenID Provider (OP) / Identity Provider (IdP). You would most often connect applications and APIs, but an application registration can also be used as an OP / IdP for an external system, where the external system is the relying party (RP).

OpenID Connect and OAuth 2.0

It is recommended to secure applications and APIs with OpenID Connect and OAuth 2.0. Please see the samples.

SAML 2.0

Configure SAML 2.0 to be an Identity Provider (IdP).

How to guides:

Connect FoxIDs environments

It is possible to interconnect FoxIDs environments with an Environment Link or OpenID Connect.

You can connect two environments in the same tenant with an Environment Link. Environment Links are fast and secure, but they can only be used to connect environments within a tenant.
It is recommended to use an Environment Link if you need to connect environments in the same tenant.

You can connect two environments in the same or different tenants with OpenID Connect. The configuration is more complex than if you use an Environment Link. OpenID Connect is secure and you can connect all environments regardless of which tenant they are in. There is basically no difference between external OpenID Connect connections and internal connections used between environments.