An open API service indexing awesome lists of open source software.

https://github.com/ory/polis

🔥 Streamline your web application's authentication with Polis, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩
https://github.com/ory/polis

enterprise-software hacktoberfest identity-access-management javascript next-auth nextjs nodejs oidc open-source openid openid-connect saml saml-authentication saml-identity-provider saml-service-provider saml2 single-sign-on sso sso-authentication typescript

Last synced: 3 months ago
JSON representation

🔥 Streamline your web application's authentication with Polis, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩

Awesome Lists containing this project

README

          

Ory polis - Open source Enterprise SSO and Directory Sync


Chat |
Discussions |
Newsletter


Guide |
API Docs |
Support this project!


Work in Open Source, Ory is hiring!

---


CI Tasks for Ory polis

CII Best Practices

>

Ory Polis - formerly known as BoxyHQ Jackson - bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect, abstracting away all the complexities of the SAML protocol. It also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. Ory Polis also supports OpenID Connect providers.

## Ory Polis on the Ory Network

The [Ory Network](https://www.ory.sh/cloud) is the fastest, most secure and
worry-free way to use Ory's Services. **SAML & SCIM** on Ory Network are powered by Ory Polis.

The Ory Network provides the infrastructure for modern end-to-end security:

- **Identity & credential management scaling to billions of users and devices**
- **Registration, Login and Account management flows for passkey, biometric,
social, SSO and multi-factor authentication**
- **Pre-built login, registration and account management pages and components**
- OAuth2 and OpenID provider for single sign on, API access and
machine-to-machine authorization
- Low-latency permission checks based on Google's Zanzibar model and with
built-in support for the Ory Permission Language
- SAML, SCIM, and complex Enterprise SSO capabilities

It's fully managed, highly available, developer & compliance-friendly!

- GDPR-friendly secure storage with data locality
- Cloud-native APIs, compatible with Ory's Open Source servers
- Comprehensive admin tools with the web-based Ory Console and the Ory Command
Line Interface (CLI)
- Extensive documentation, straightforward examples and easy-to-follow guides
- Fair, usage-based [pricing](https://www.ory.sh/pricing)

Sign up for a
[**free developer account**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=polis-readme)
today!

## Ory Polis On-premise support

Are you running Ory Polis in a mission-critical, commercial environment? The Ory Enterprise License (OEL) provides enhanced features, security, and expert support directly from the Ory core maintainers.

Organizations that require advanced features, enhanced security, and enterprise-grade support for Ory's identity and access management solutions benefit from
the Ory Enterprise License (OEL) as a self-hosted, premium offering including:

- Additional features not available in the open-source version.
- Regular releases that address CVEs and security vulnerabilities, with strict SLAs for patching based on severity.
- Support for advanced scaling and multi-tenancy features.
- Premium support options, including SLAs, direct engineer access, and concierge onboarding.
- Access to private Docker registry for a faster, more reliable access to vetted enterprise builds.

A valid Ory Enterprise License and access to the Ory Enterprise Docker Registry are required to use these features. OEL is designed for mission-critical, production, and global applications where organizations need maximum control and flexibility over their identity infrastructure. Ory's offering is the only official program for qualified support from the maintainers. For more information book a meeting with the Ory team to **[discuss your needs](https://www.ory.sh/contact/)**!

## Directory Sync

Ory Polis also supports Directory Sync based on the SCIM 2.0 protocol.

Directory sync helps organizations automate the provisioning and de-provisioning of their users. As a result, it streamlines the user lifecycle management process by saving valuable organizational hours, creating a single truth source of the user identity data, and facilitating them to keep the data secure.

For complete documentation, visit the [Ory Polis documentation](https://ory.sh/docs/polis)

- [Ory Polis on the Ory Network](#ory-polis-on-the-ory-network)
- [Ory Polis On-premise support](#ory-polis-on-premise-support)
- [Directory Sync](#directory-sync)
- [What is Ory Polis?](#what-is-ory-polis)
- [Who is using it?](#who-is-using-it)
- [Get Started with Ory Polis](#get-started-with-ory-polis)
- [Installation](#installation)
- [Ecosystem](#ecosystem)
- [Ory Kratos: Identity and User Infrastructure and Management](#ory-kratos-identity-and-user-infrastructure-and-management)
- [Ory Hydra: OAuth2 & OpenID Connect Server](#ory-hydra-oauth2--openid-connect-server)
- [Ory Oathkeeper: Identity & Access Proxy](#ory-oathkeeper-identity--access-proxy)
- [Ory Keto: Access Control Policies as a Server](#ory-keto-access-control-policies-as-a-server)
- [End-to-End (E2E) tests](#end-to-end-e2e-tests)
- [Security](#security)
- [Disclosing vulnerabilities](#disclosing-vulnerabilities)
- [Telemetry](#telemetry)
- [Documentation](#documentation)
- [Guide](#guide)
- [HTTP API documentation](#http-api-documentation)
- [Upgrading and Changelog](#upgrading-and-changelog)
- [Develop](#develop)

## What is Ory Polis?

Ory Polis - formerly known as BoxyHQ Jackson - is an Enterprise Single Sign-On (SSO) service for SAML and OIDC identity providers.
It implements SSO as an OAuth 2.0 flow, abstracting away the complexities of the underlying SAML or OIDC protocol.
Ory Polis offers a range of features to simplify and secure enterprise SSO:

- SAML/OIDC Enterprise SSO: Implements Single Sign-On for SAML or OIDC Identity Providers, abstracting the underlying protocol
complexities and making it easy to connect with various enterprise identity systems.
- OAuth 2.0 flow abstraction: Presents the SSO process as a standard OAuth 2.0 flow. Ideal for developers already familiar with
OAuth 2.0 and OpenID Connect.
- Data ownership and control: As an open-source solution, Ory Polis allows you to host the service yourself, ensuring you maintain
full control over your data and your customers' identity information.
- Flexible database support (BYOD): Supports a "Bring Your Own Database" model. This includes built-in compatibility for databases
such as MySQL, MariaDB, Postgres, MongoDB, Redis, and PlanetScale, and works well with databases from major hosting providers.
- Modular design: Built with a modular architecture where business logic is separated into distinct controllers, enhancing
flexibility, maintainability, and the ability to adopt features incrementally.

We highly recommend reading the
[Ory Polis introduction docs](https://www.ory.sh/docs/polis) to learn more
about Ory Polis's background, feature set, and differentiation from other
products.

### Who is using it?

The Ory community stands on the shoulders of individuals, companies, and
maintainers. The Ory team thanks everyone involved - from submitting bug reports
and feature requests, to contributing patches and documentation. The Ory
community counts more than 50.000 members and is growing. The Ory stack protects
7.000.000.000+ API requests every day across thousands of companies. None of
this would have been possible without each and everyone of you!

The following list represents companies that have accompanied us along the way
and that have made outstanding contributions to our ecosystem. _If you think
that your company deserves a spot here, reach out to
office@ory.sh now_!




Name
Logo
Website
Case Study




OpenAI



OpenAI


openai.com
OpenAI Case Study


Fandom



Fandom


fandom.com
Fandom Case Study


Lumin



Lumin


luminpdf.com
Lumin Case Study


Sencrop



Sencrop


sencrop.com
Sencrop Case Study


OSINT Industries



OSINT Industries


osint.industries
OSINT Industries Case Study


HGV



HGV


hgv.it
HGV Case Study


Maxroll



Maxroll


maxroll.gg
Maxroll Case Study


Zezam



Zezam


zezam.io
Zezam Case Study


T.RowePrice



T.RowePrice


troweprice.com


Mistral



Mistral


mistral.ai


Axel Springer



Axel Springer


axelspringer.com


Hemnet



Hemnet


hemnet.se


Cisco



Cisco


cisco.com


Presidencia de la República Dominicana



Presidencia de la República Dominicana


presidencia.gob.do


Moonpig



Moonpig


moonpig.com


Booster



Booster


choosebooster.com


Zaptec



Zaptec


zaptec.com


Klarna



Klarna


klarna.com


Raspberry PI Foundation



Raspberry PI Foundation


raspberrypi.org


Tulip



Tulip Retail


tulip.com


Hootsuite



Hootsuite


hootsuite.com


Segment



Segment


segment.com


Arduino



Arduino


arduino.cc


Sainsbury's



Sainsbury's


sainsburys.co.uk


Contraste



Contraste


contraste.com


inMusic



InMusic


inmusicbrands.com


Buhta



Buhta


buhta.com



Amplitude



amplitude.com


amplitude.com


TIER IV
Kyma Project
Serlo
Padis


Cloudbear
Security Onion Solutions
Factly
All My Funds


Nortal
OrderMyGear
R2Devops
Paralus


dyrector.io
pinniped.dev
pvotal.tech


Many thanks to all individual contributors

## Get Started with Ory Polis

There are two ways to integrate Ory Polis into an application. Depending on your use case, you can choose either of them.

1. [As a separate service](https://ory.sh/docs/polis/guides/service) ([Next.js](https://nextjs.org/) application) This includes an admin portal out of the box for managing SSO and Directory Sync connections.
2. [NPM library](https://ory.sh/docs/polis/guides/npm-library) as an embedded library in your application.

### Installation

Head over to the
[Ory Developer Documentation](https://ory.sh/docs/polis/install) to learn
how to install Ory Polis.

## Ecosystem

We build Ory on several guiding principles when it comes to our architecture
design:

- Minimal dependencies
- Runs everywhere
- Scales without effort
- Minimize room for human and network errors

Ory's architecture is designed to run best on a Container Orchestration system
such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are
small (5-15MB) and available for all popular processor types (ARM, AMD64, i386)
and operating systems (FreeBSD, Linux, macOS, Windows) without system
dependencies (Java, Node, Ruby, libxml, ...).

### Ory Kratos: Identity and User Infrastructure and Management

[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User
Management system that is built according to
[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy).
It implements core use cases that almost every software application needs to
deal with: Self-service Login and Registration, Multi-Factor Authentication
(MFA/2FA), Account Recovery and Verification, Profile, and Account Management.

### Ory Hydra: OAuth2 & OpenID Connect Server

[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certifiedâ„¢ OAuth2 and
OpenID Connect Provider which easily connects to any existing identity system by
writing a tiny "bridge" application. It gives absolute control over the user
interface and user experience flows.

### Ory Oathkeeper: Identity & Access Proxy

[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust
Identity & Access Proxy (IAP) with configurable authentication, authorization,
and request mutation rules for your web services: Authenticate JWT, Access
Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the
request; Encode resulting content into custom headers (`X-User-ID`), JSON Web
Tokens and more!

### Ory Keto: Access Control Policies as a Server

[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a
set of access control policies, similar to AWS IAM Policies, in order to
determine whether a subject (user, application, service, car, ...) is authorized
to perform a certain action on a resource.

## End-to-End (E2E) tests

Create a `.env.test.local` file and populate the values. To execute the tests run:

```zsh
npm run test:e2e
```

## Security

### Disclosing vulnerabilities

If you think you found a security vulnerability, please refrain from posting it
publicly on the forums, the chat, or GitHub. You can find all info for
responsible disclosure in our
[security.txt](https://www.ory.sh/.well-known/security.txt).

## Telemetry

Ory's services collect summarized, anonymized data that can optionally be turned
off. Click [here](https://www.ory.sh/docs/ecosystem/sqa) to learn more.

## Documentation

### Guide

The Guide is available [here](https://www.ory.sh/docs/polis).

### HTTP API documentation

The HTTP API is documented [here](https://www.ory.sh/docs/polis/reference/api).

### Upgrading and Changelog

New releases might introduce breaking changes. To help you identify and
incorporate those changes, we document these changes in the
[Releases](https://github.com/ory/polis/releases). For upgrading, please visit the
[upgrade guide](https://ory.sh/docs/polis/upgrade).

## Develop

We encourage all contributions and encourage you to read our
[contribution guidelines](./CONTRIBUTING.md)