Altostrat Identity Provider (IDP) integrations let users log in using their existing accounts—reducing password fatigue and simplifying onboarding. You can configure various OAuth 2.0 or SSO providers to suit your organization’s needs.

Why Use External IDPs?

  • Single Sign-On (SSO): Streamline user authentication with corporate or social accounts.
  • Improved Security: Leverage well-established providers (e.g., Google, Microsoft Azure) with built-in MFA or domain control.
  • Reduced Overhead: Fewer credentials to manage means less admin work for your team.

Supported Identity Providers

| Provider | Description |
| --- | --- |
| Google Cloud | Allow logins with Google accounts (Gmail or corporate Google Workspace). |
| Microsoft Azure (Entra) | Use Azure AD credentials; suits environments with Microsoft 365. |
| GitHub (IDP) | Great for open-source or developer-oriented teams logging in via GitHub. |

If you need another provider, Altostrat supports generic OAuth 2.0 setups that may work with Okta, Auth0, or other SSO platforms.


Creating an IDP Instance

1. Open Altostrat Integrations

   From the dashboard, navigate to Integrations → Identity Providers.

2. Add a New IDP

   Click Add or + New. Provide a Name (e.g., “GitHub SSO”).

3. Configure Client Credentials

   Enter the Client ID, Client Secret, and any required Tenant/Domain details from your chosen provider. If you’re unsure, see:

4. Callback URL

   Ensure the callback https://auth.altostrat.app/callback is registered in your provider’s console.

5. Save & Test

   Click Save. Use a test user to attempt an OAuth login. If everything is correct, you’re good to go.
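OAuth providers typically compare the registered redirect URI with the requested one as an exact string, so a small difference in step 4 is enough to make the test login in step 5 fail. The following added example (not Altostrat's own code) reports how a value copied from a provider console differs from the callback URL given above; the function name and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback URL from step 4 of this page.
EXPECTED_CALLBACK = "https://auth.altostrat.app/callback"


def callback_mismatches(registered: str, expected: str = EXPECTED_CALLBACK) -> list[str]:
    """Return the reasons `registered` differs from `expected` (empty list = exact match)."""
    if registered == expected:
        return []
    reasons = []
    if registered != registered.strip():
        reasons.append("leading or trailing whitespace")
    got, want = urlsplit(registered.strip()), urlsplit(expected)
    if got.scheme != want.scheme:
        reasons.append(f"scheme is {got.scheme!r}, expected {want.scheme!r}")
    if got.netloc != want.netloc:
        # netloc covers host and optional port, so ":443" is reported here too.
        if got.netloc.lower() == want.netloc.lower():
            reasons.append("host differs only in letter case")
        else:
            reasons.append(f"host is {got.netloc!r}, expected {want.netloc!r}")
    if got.path != want.path:
        if got.path.rstrip("/") == want.path.rstrip("/"):
            reasons.append("trailing slash differs")
        else:
            reasons.append(f"path is {got.path!r}, expected {want.path!r}")
    if got.query or got.fragment:
        reasons.append("query string or fragment present")
    # Anything the parser normalised away (e.g. scheme case) still counts as a mismatch.
    return reasons or ["differs from expected value"]


if __name__ == "__main__":
    # Constructed sample values, as they might be pasted into a provider console.
    samples = [
        "https://auth.altostrat.app/callback",
        "http://auth.altostrat.app/callback",
        "https://auth.altostrat.app/callback/",
        "https://auth.altostrat.app/callback ",
        "https://auth.altostrat.app/oauth/callback",
    ]
    for value in samples:
        problems = callback_mismatches(value)
        print(repr(value), "->", "OK" if not problems else "; ".join(problems))
```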


Editing or Removing an IDP

1. Locate the IDP Instance

   Under Integrations → Identity Providers, find the one you want to modify.

2. Adjust Credentials or Remove

   Update Client Secret if you rotate it, or remove the IDP if you no longer need it.

Deleting an IDP prevents any user relying on that method from logging in. Make sure you have alternative access for administrative tasks if needed.


Best Practices

  • Multiple IDPs: You can enable multiple providers so users can choose how to log in.
  • Policy Enforcement: Ensure you have Roles & Permissions set up for newly created users from any IDP.
  • Failover: Maintain at least one admin account with native Altostrat credentials in case external IDPs have outages or misconfigurations.

If you encounter issues, check the Orchestration Log or contact Altostrat Support for further assistance.