Identity Platform

  • Identity Charmers | bundle
Channel Revision Published
latest/edge 37 05 Dec 2024
0.3/edge 32 20 Sep 2024
0.2/edge 25 09 May 2024
0.1/edge 17 25 Apr 2024
juju deploy identity-platform --channel edge
Show information

Platform:

The below diagram describes the high level architecture of the Canonical Identity Platform and its dependencies:

Alt text

The Canonical Identity Platform is an identity broker: it connects identity providers (Microsoft Azure Active Directory, Okta, Google, GitHub, …) with multiple service providers (Grafana, Kafka, and/or other charmed workloads).

The charmed operators that make up Canonical Identity Platform are available as an identity-platform bundle.

It consists of several components:

The Canonical Identity Platform benefits from charm relation interfaces and juju config to simplify the experience of propagating SSO configuration across multiple applications. There are 2 main integration points:

  • oauth relation interface, which allows to integrate OIDC-compatible charms with the OAuth Server. When used, Charmed Ory Hydra registers an OAuth client for your charmed application and manages it throughout its lifecycle. You can also integrate non-charmed, but OIDC-compatible workloads with Charmed Hydra’s actions.

  • Charmed Kratos External IDP Integrator, which updates the configuration of the identity server (Charmed Kratos) with the external identity provider setup that is defined via juju config. You can define multiple identity providers by deploying more Integrator charm instances.

Interested in learning how to integrate your application with the Canonical Identity Platform? Check our how-to guides.


Help improve this document in the forum (guidelines). Last updated 3 months ago.