Overview of Authentication Federation
SiX IDaaS & IAM Identity Application provides a fully OIDC/OAuth2-compliant identity provider out of the box. The same identity provider also supports SAML2, allowing clients to authenticate using either OIDC/OAuth2 or SAML2, depending on their integration requirements.
Developers can easily deploy a brandable and configurable IdP with minimal setup effort.
The platform is architected to decouple authentication from authorization, enabling flexible integration patterns and a clean separation of concerns. It also supports federated authentication, allowing the IdP to delegate user authentication to external identity providers.
TIP
A client can act as either an OIDC/OAuth2 client or a SAML2 client when interacting with the IdP created on SiX IDaaS & IAM, regardless of how the IdP handles authentication internally.
TIP
After federation, your IdP users benefit from MFA and consent control over personal information sharing. More at: Overview of Data Security & Privacy
TIP
Authentication federation refers to delegated authentication. When the IdP within a SiX IDaaS & IAM tenant receives an authentication request, it delegates the request to a configured external identity provider.
Why Federated Authentication matters
Why Federated Authentication Matters for Seamless Integration
When deploying software—whether on-premises or as a SaaS solution—customers often prefer using their existing corporate accounts (e.g., employee credentials from Active Directory) rather than creating separate logins for each system. However, your software still needs a reliable authentication mechanism to function properly, typically assigning each user a unique internal ID.
If every third-party software relies on its own authentication system, data silos emerge: the same user ends up with different IDs across different systems, making end-to-end integration cumbersome. Without a unified identity, linking user data across platforms becomes a significant challenge.
The Solution: Federated Authentication with a Corporate IdP
By federating authentication with the customer’s existing Identity Provider (IdP), such as their corporate Active Directory, you can resolve this issue. Here’s how it works:
User Authentication: When a user accesses your software, they are redirected to the corporate IdP for login.
Global User ID: After successful authentication, your system receives a token containing the user’s global unique ID (e.g., an immutable object ID).
Local Account Mapping: Your software creates a local user account, assigns an internal ID, and links it to the global ID from the IdP.
Seamless Integration: During end-to-end integration, the global user ID serves as a consistent key to unify data across all federated systems.
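The local account mapping step above, as an added example (not SiX IDaaS & IAM code). It assumes the token's signature, audience and expiry were already validated upstream and that the global ID arrives as OIDC-style `iss` and `sub` claims; the table, function names and issuer URL are hypothetical.

```python
import sqlite3
import uuid

# Hypothetical local schema: each account is linked to the federated identity
# by (issuer, subject), never by email or display name, which can change.
SCHEMA = """
CREATE TABLE users (
    internal_id TEXT PRIMARY KEY,
    issuer      TEXT NOT NULL,
    subject     TEXT NOT NULL,
    email       TEXT,
    UNIQUE (issuer, subject)
);
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def link_account(db, claims, trusted_issuers):
    """Return the internal ID for validated claims, creating it on first login."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if iss not in trusted_issuers:
        raise PermissionError("token issuer is not a configured IdP")
    if not isinstance(sub, str) or not sub:
        raise ValueError("token has no usable subject identifier")
    with db:  # single transaction: commit on success, roll back on error
        # The UNIQUE constraint makes repeated or racing first logins idempotent.
        db.execute(
            "INSERT OR IGNORE INTO users (internal_id, issuer, subject, email) "
            "VALUES (?, ?, ?, ?)",
            (str(uuid.uuid4()), iss, sub, claims.get("email")),
        )
        # Mutable attributes are refreshed but never used as the lookup key.
        db.execute(
            "UPDATE users SET email = ? WHERE issuer = ? AND subject = ?",
            (claims.get("email"), iss, sub),
        )
        row = db.execute(
            "SELECT internal_id FROM users WHERE issuer = ? AND subject = ?",
            (iss, sub),
        ).fetchone()
    return row[0]

if __name__ == "__main__":
    # Constructed sample claims, not taken from a real token.
    claims = {"iss": "https://idp.corp.example", "sub": "obj-123", "email": "a@corp.example"}
    print(link_account(open_store(), claims, {"https://idp.corp.example"}))
```

Keying on the issuer together with the subject keeps the same subject value from two different IdPs from resolving to one local account.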
Benefits of Federated Authentication with SiX IDaaS & IAM
With SiX IDaaS & IAM, you can easily implement this federation. If all third-party software adopts the same approach, customers gain:
✅ Single Sign-On (SSO) – Users log in once to access all integrated systems.
✅ Enhanced Security – Enable MFA and consent control for the user.
✅ Data Interoperability – Eliminate silos by linking user data across platforms using a universal identity.
By federating authentication, you streamline access, strengthen security, and unlock seamless integration—delivering a better experience for your customers.
Typical federation flow by using SiX IDaaS & IAM
🔐 Federated Identity Provider Options
No | Federated IdP | Description | Typical Use Case | Where Credentials Reside | Credentials Pass Through SiX IDaaS & IAM Server? |
---|---|---|---|---|---|
1 | N/A | No federation | | SiX IDaaS & IAM | Yes |
2 | OIDC IdP | Federating IdP acts as OIDC client | SSO with external OIDC provider | Federated IdP | No |
3 | SAML2 IdP | Federating IdP acts as SAML2 client | SSO with external SAML2 provider (e.g., Okta) | Federated IdP | No |
4 | HTTP/HTTPS IdP | Uses REST API for auth | Corporate AD via custom HTTP(S) endpoint | Federated IdP | Yes |
5 | Custom IdP | Forwards encrypted auth flow to external IdP | Advanced custom integrations (e.g., legacy IdP) | Federated IdP | No |