Improve Identity Providers Documentation and Navigation under Self-Hosted (#501)

* Refactor NavigationDocs component and update documentation structure

- Improved formatting and organization of the NavigationDocs component for better readability.
- Updated the docsNavigation structure to include detailed sections for managing peers, access control, networks, and integrations.
- Removed the identity providers documentation file as part of the restructuring effort.
- Enhanced the overall navigation experience by ensuring all links are properly formatted and accessible.

* Update NavigationDocs to include new SSO links and remove outdated documentation

- Added links for Authentik, Keycloak, Auth0, and JumpCloud under the Single Sign-On section in NavigationDocs.
- Removed the single-sign-on.mdx file as part of the documentation cleanup effort.

* Add more info about self-hosted IdP support

* Update Single Sign-On documentation and NavigationDocs

- Updated titles and added introductory text for Auth0, Authentik, JumpCloud, and Keycloak pages to clarify their use as Identity Providers with NetBird.
- Commented out the links section in NavigationDocs for Single Sign-On to reflect the current documentation state. Didn't make sense to have those and didn't want to confuse people thinking those are the only supported providers.
- Enhanced the index page to include detailed descriptions and setup buttons for Okta and each OIDC Identity Provider.

* Update paths in structure and documentation for Auth0, Authentik, Keycloak, Microsoft Entra ID, Google Workspace, and JumpCloud. This cleanup enhances clarity and ensures all references point to the correct resources.

---------

Co-authored-by: braginini <bangvalo@gmail.com>
This commit is contained in:
Brandon Hopkins
2025-12-01 11:39:31 -08:00
committed by GitHub
parent 62d1627412
commit 67d2b0fa94
107 changed files with 2129 additions and 1989 deletions

@@ -0,0 +1,90 @@
import { Note, Button } from '@/components/mdx'
# Supported Identity Providers (IdPs)
NetBirds self-hosted implementation (Community Edition) uses the OpenID Connect (OIDC) protocol for authentication, an
industry-standard identity layer built on top of OAuth 2.0. OIDC is used both for user authentication to access the
Management Service Dashboard and for user device authorization when accessing internal resources.
There are several Identity Provider (IdP) options available for running a self-hosted version of NetBird. This document provides
an overview of each option along with links to detailed setup guides.
<Note>
In addition to OIDC-based authentication, NetBird supports provisioning users and groups through SCIM and the API.
However, this functionality is not available in the open source Community Edition. It is offered only in the cloud-managed
version of NetBird or through a [Commercial License](https://netbird.io/pricing#on-prem) for enterprise self-hosted deployments.
</Note>
## Our Approach
When a user attempts to access the NetBird network, the Management Service redirects them to your configured Identity Provider for authentication. After successful authentication, the IdP issues a JSON Web Token (JWT) that contains the user's identity and claims. NetBird's Management Service validates this token and uses it to authenticate the user without ever storing passwords or sensitive credentials.
This approach provides several key benefits: it leverages your existing identity infrastructure, enables Single Sign-On (SSO) across your organization, maintains security through token-based authentication, and allows NetBird to cache user information like names and email addresses without storing sensitive data.
## Self-hosted IdPs
Self-hosted Identity Providers give you full control over authentication and authorization of your NetBird network. You manage and maintain the IdP infrastructure yourself.
### Zitadel
[Zitadel](https://github.com/zitadel/zitadel) is an open-source identity infrastructure platform designed for cloud-native environments. It provides multi-tenancy, customizable branding, passwordless authentication, and supports protocols like OpenID Connect, OAuth2, SAML2, and LDAP. Zitadel offers features such as passkeys (FIDO2), OTP, SCIM 2.0 server, and unlimited audit trails.
<Button href="/selfhosted/identity-providers/zitadel" variant="outline">Setup Zitadel</Button>
### Authentik
[Authentik](https://github.com/goauthentik/authentik) is an open-source identity provider focused on flexibility and security. It serves as a self-hosted alternative to commercial solutions like Okta and Auth0, providing single sign-on (SSO), multi-factor authentication (MFA), access policies, user management, and support for SAML and OIDC protocols. Authentik includes audit logging, password policies, and full API access for automation.
<Button href="/selfhosted/identity-providers/authentik" variant="outline">Setup Authentik</Button>
### Keycloak
[Keycloak](https://github.com/keycloak/keycloak) is an open-source Identity and Access Management solution aimed at modern applications and services. It's one of the most popular self-hosted IdP solutions with extensive documentation and community support. Keycloak provides single sign-on, social login, user federation, fine-grained authorization, and supports OpenID Connect, OAuth 2.0, and SAML 2.0 protocols.
<Button href="/selfhosted/identity-providers/keycloak" variant="outline">Setup Keycloak</Button>
### PocketID
[PocketID](https://pocket-id.org/) is a simplified identity management solution designed for self-hosted environments. It provides authentication and authorization services with a focus on security and effectiveness, making it a lightweight and easy-to-deploy option for organizations seeking a straightforward identity management solution.
<Button href="/selfhosted/identity-providers/pocketid" variant="outline">Setup PocketID</Button>
## Managed IdPs
Managed Identity Providers are third-party cloud services that handle the infrastructure and maintenance of your identity provider. These are ideal if you don't want to manage an IdP instance yourself.
### Microsoft Entra ID
[Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) (formerly Azure AD) is an enterprise identity service that provides single sign-on and multifactor authentication to your applications. It's a managed service that integrates seamlessly with Microsoft's ecosystem, offering conditional access policies, identity protection, and privileged identity management. Ideal for organizations already using Microsoft services.
<Button href="/selfhosted/identity-providers/managed/microsoft-entra-id" variant="outline">Setup Microsoft Entra ID</Button>
### Okta
[Okta](https://www.okta.com/) is a cloud-based identity and access management service designed for enterprise use. It provides single sign-on, multifactor authentication, user management, and lifecycle management capabilities. Okta offers extensive integration options with thousands of pre-built connectors, adaptive authentication, and comprehensive API access management.
<Button href="/selfhosted/identity-providers/managed/okta" variant="outline">Setup Okta</Button>
### Google Workspace
[Google Workspace](https://workspace.google.com/) (formerly G Suite) provides identity management through Google's cloud infrastructure. It offers single sign-on capabilities, multi-factor authentication, and seamless integration with Google services. It's an excellent choice for organizations already using Google Workspace for their business operations, providing unified identity across Google and third-party applications.
<Button href="/selfhosted/identity-providers/managed/google-workspace" variant="outline">Setup Google Workspace</Button>
### JumpCloud
[JumpCloud](https://jumpcloud.com/) is a cloud-based directory platform that provides identity, access, and device management in a unified solution. It offers single sign-on, multi-factor authentication, directory services, device management, and network access control. JumpCloud provides a comprehensive approach to managing users, devices, and applications from a single platform.
<Button href="/selfhosted/identity-providers/managed/jumpcloud" variant="outline">Setup JumpCloud</Button>
### Keycloak (Managed)
[Keycloak](https://www.keycloak.org/) can also be deployed as a managed service through various cloud providers, providing the same open-source features with the convenience of cloud hosting and management. This option offers the flexibility and features of Keycloak without the operational overhead of self-hosting.
<Button href="/selfhosted/identity-providers/managed/keycloak" variant="outline">Setup Keycloak</Button>
### Auth0
[Auth0](https://auth0.com/) is a flexible, drop-in solution to add authentication and authorization services to your applications. It's a managed service that's ideal if you don't want to manage an Identity Provider instance on your own. Auth0 offers extensive customization options, developer-friendly APIs, universal login, social identity providers, and advanced security features like anomaly detection and breached password detection.
<Button href="/selfhosted/identity-providers/managed/auth0" variant="outline">Setup Auth0</Button>
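Review bot: the first body line under the "Supported Identity Providers (IdPs)" heading has a typo, "NetBirds self-hosted implementation" should read "NetBird's self-hosted implementation". Two documentation points on the same page: the Note states that SCIM provisioning is not available in the Community Edition, while the Zitadel paragraph two headings later advertises a "SCIM 2.0 server"; a reader can take that as NetBird user provisioning via Zitadel, so a short qualifier that the SCIM server is a Zitadel feature and does not add provisioning to NetBird CE would avoid the confusion. In "Our Approach", "NetBird's Management Service validates this token" is the step the whole flow's security rests on, yet the page does not say what is validated (token signature, issuer and audience are the usual OIDC checks) or where those values are set in a self-hosted configuration; one sentence, or a link to the setup guide that covers it, would let self-hosters confirm their deployment rather than assume it. Minor: "a focus on security and effectiveness" in the PocketID paragraph reads oddly next to "lightweight and easy-to-deploy"; "security and simplicity" fits the rest of the sentence.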