Composable identity provider and identity broker system based on Juju.
The Canonical Identity Platform is the simplest way to add single sign-on (SSO) for charmed workloads and centralized authentication, authorisation and access governance controls.
See more: Identity Platform
The Canonical Identity Platform uses best-of-breed open source software to provide:
- The ability to configure SSO with third-party, OIDC-compliant identity providers (e.g. Azure AD, Google, Okta)
- A standards-compliant OAuth/OIDC server
- User and client management functionalities
- A relationship-based access control (ReBAC) backend
- A login UI and error pages
While primarily designed for charmed workloads, the Canonical Identity Platform can also be used to protect traditional Kubernetes and virtual machine-based applications.
In this documentation
- Tutorial: Get started - a hands-on introduction for new users deploying the Identity Platform
- How-to guides: Step-by-step guides covering key operations and common tasks
- Reference: Technical information - specifications, APIs, architecture
- Explanation: Discussion and clarification of key topics related to Identity Platform
Project and community
The Canonical Identity Platform is a member of the Ubuntu family. It’s an open source project that warmly welcomes community projects, contributions, suggestions, fixes and constructive feedback.
- Code of conduct
- Join the Discourse community forum
- Join the Matrix community chat
- Contribute on GitHub
- View our roadmap
Thinking about using the Canonical Identity Platform for your next project? Get in touch with the team!