https://github.com/ory/polis
🔥 Streamline your web application's authentication with Polis, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩
https://github.com/ory/polis
enterprise-software hacktoberfest identity-access-management javascript next-auth nextjs nodejs oidc open-source openid openid-connect saml saml-authentication saml-identity-provider saml-service-provider saml2 single-sign-on sso sso-authentication typescript
Last synced: 3 months ago
JSON representation
🔥 Streamline your web application's authentication with Polis, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩
- Host: GitHub
- URL: https://github.com/ory/polis
- Owner: ory
- License: apache-2.0
- Created: 2021-08-14T04:41:00.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2025-06-21T10:37:32.000Z (4 months ago)
- Last Synced: 2025-06-21T11:30:28.719Z (4 months ago)
- Topics: enterprise-software, hacktoberfest, identity-access-management, javascript, next-auth, nextjs, nodejs, oidc, open-source, openid, openid-connect, saml, saml-authentication, saml-identity-provider, saml-service-provider, saml2, single-sign-on, sso, sso-authentication, typescript
- Language: TypeScript
- Homepage: https://www.ory.sh/docs/polis
- Size: 53.3 MB
- Stars: 2,087
- Watchers: 15
- Forks: 187
- Open Issues: 47
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
Ory polis - Open source Enterprise SSO and Directory Sync
Chat |
Discussions |
Newsletter
Guide |
API Docs |
Support this project!
Work in Open Source, Ory is hiring!
---
>
Ory Polis - formerly known as BoxyHQ Jackson - bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect, abstracting away all the complexities of the SAML protocol. It also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. Ory Polis also supports OpenID Connect providers.
## Ory Polis on the Ory Network
The [Ory Network](https://www.ory.sh/cloud) is the fastest, most secure and
worry-free way to use Ory's Services. **SAML & SCIM** on Ory Network are powered by Ory Polis.
The Ory Network provides the infrastructure for modern end-to-end security:
- **Identity & credential management scaling to billions of users and devices**
- **Registration, Login and Account management flows for passkey, biometric,
social, SSO and multi-factor authentication**
- **Pre-built login, registration and account management pages and components**
- OAuth2 and OpenID provider for single sign on, API access and
machine-to-machine authorization
- Low-latency permission checks based on Google's Zanzibar model and with
built-in support for the Ory Permission Language
- SAML, SCIM, and complex Enterprise SSO capabilities
It's fully managed, highly available, developer & compliance-friendly!
- GDPR-friendly secure storage with data locality
- Cloud-native APIs, compatible with Ory's Open Source servers
- Comprehensive admin tools with the web-based Ory Console and the Ory Command
Line Interface (CLI)
- Extensive documentation, straightforward examples and easy-to-follow guides
- Fair, usage-based [pricing](https://www.ory.sh/pricing)
Sign up for a
[**free developer account**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=polis-readme)
today!
## Ory Polis On-premise support
Are you running Ory Polis in a mission-critical, commercial environment? The Ory Enterprise License (OEL) provides enhanced features, security, and expert support directly from the Ory core maintainers.
Organizations that require advanced features, enhanced security, and enterprise-grade support for Ory's identity and access management solutions benefit from
the Ory Enterprise License (OEL) as a self-hosted, premium offering including:
- Additional features not available in the open-source version.
- Regular releases that address CVEs and security vulnerabilities, with strict SLAs for patching based on severity.
- Support for advanced scaling and multi-tenancy features.
- Premium support options, including SLAs, direct engineer access, and concierge onboarding.
- Access to private Docker registry for a faster, more reliable access to vetted enterprise builds.
A valid Ory Enterprise License and access to the Ory Enterprise Docker Registry are required to use these features. OEL is designed for mission-critical, production, and global applications where organizations need maximum control and flexibility over their identity infrastructure. Ory's offering is the only official program for qualified support from the maintainers. For more information book a meeting with the Ory team to **[discuss your needs](https://www.ory.sh/contact/)**!
## Directory Sync
Ory Polis also supports Directory Sync based on the SCIM 2.0 protocol.
Directory sync helps organizations automate the provisioning and de-provisioning of their users. As a result, it streamlines the user lifecycle management process by saving valuable organizational hours, creating a single truth source of the user identity data, and facilitating them to keep the data secure.
For complete documentation, visit the [Ory Polis documentation](https://ory.sh/docs/polis)
- [Ory Polis on the Ory Network](#ory-polis-on-the-ory-network)
- [Ory Polis On-premise support](#ory-polis-on-premise-support)
- [Directory Sync](#directory-sync)
- [What is Ory Polis?](#what-is-ory-polis)
- [Who is using it?](#who-is-using-it)
- [Get Started with Ory Polis](#get-started-with-ory-polis)
- [Installation](#installation)
- [Ecosystem](#ecosystem)
- [Ory Kratos: Identity and User Infrastructure and Management](#ory-kratos-identity-and-user-infrastructure-and-management)
- [Ory Hydra: OAuth2 & OpenID Connect Server](#ory-hydra-oauth2--openid-connect-server)
- [Ory Oathkeeper: Identity & Access Proxy](#ory-oathkeeper-identity--access-proxy)
- [Ory Keto: Access Control Policies as a Server](#ory-keto-access-control-policies-as-a-server)
- [End-to-End (E2E) tests](#end-to-end-e2e-tests)
- [Security](#security)
- [Disclosing vulnerabilities](#disclosing-vulnerabilities)
- [Telemetry](#telemetry)
- [Documentation](#documentation)
- [Guide](#guide)
- [HTTP API documentation](#http-api-documentation)
- [Upgrading and Changelog](#upgrading-and-changelog)
- [Develop](#develop)
## What is Ory Polis?
Ory Polis - formerly known as BoxyHQ Jackson - is an Enterprise Single Sign-On (SSO) service for SAML and OIDC identity providers.
It implements SSO as an OAuth 2.0 flow, abstracting away the complexities of the underlying SAML or OIDC protocol.
Ory Polis offers a range of features to simplify and secure enterprise SSO:
- SAML/OIDC Enterprise SSO: Implements Single Sign-On for SAML or OIDC Identity Providers, abstracting the underlying protocol
complexities and making it easy to connect with various enterprise identity systems.
- OAuth 2.0 flow abstraction: Presents the SSO process as a standard OAuth 2.0 flow. Ideal for developers already familiar with
OAuth 2.0 and OpenID Connect.
- Data ownership and control: As an open-source solution, Ory Polis allows you to host the service yourself, ensuring you maintain
full control over your data and your customers' identity information.
- Flexible database support (BYOD): Supports a "Bring Your Own Database" model. This includes built-in compatibility for databases
such as MySQL, MariaDB, Postgres, MongoDB, Redis, and PlanetScale, and works well with databases from major hosting providers.
- Modular design: Built with a modular architecture where business logic is separated into distinct controllers, enhancing
flexibility, maintainability, and the ability to adopt features incrementally.
We highly recommend reading the
[Ory Polis introduction docs](https://www.ory.sh/docs/polis) to learn more
about Ory Polis's background, feature set, and differentiation from other
products.
### Who is using it?
The Ory community stands on the shoulders of individuals, companies, and
maintainers. The Ory team thanks everyone involved - from submitting bug reports
and feature requests, to contributing patches and documentation. The Ory
community counts more than 50.000 members and is growing. The Ory stack protects
7.000.000.000+ API requests every day across thousands of companies. None of
this would have been possible without each and everyone of you!
The following list represents companies that have accompanied us along the way
and that have made outstanding contributions to our ecosystem. _If you think
that your company deserves a spot here, reach out to
office@ory.sh now_!
Name
Logo
Website
Case Study
OpenAI
openai.com
OpenAI Case Study
Fandom
fandom.com
Fandom Case Study
Lumin
luminpdf.com
Lumin Case Study
Sencrop
sencrop.com
Sencrop Case Study
OSINT Industries
osint.industries
OSINT Industries Case Study
HGV
hgv.it
HGV Case Study
Maxroll
maxroll.gg
Maxroll Case Study
Zezam
zezam.io
Zezam Case Study
T.RowePrice
troweprice.com
Mistral
mistral.ai
Axel Springer
axelspringer.com
Hemnet
hemnet.se
Cisco
cisco.com
Presidencia de la República Dominicana
presidencia.gob.do
Moonpig
moonpig.com
Booster
choosebooster.com
Zaptec
zaptec.com
Klarna
klarna.com
Raspberry PI Foundation
raspberrypi.org
Tulip
tulip.com
Hootsuite
hootsuite.com
Segment
segment.com
Arduino
arduino.cc
Sainsbury's
sainsburys.co.uk
Contraste
contraste.com
inMusic
inmusicbrands.com
Buhta
buhta.com
Amplitude
amplitude.com
Many thanks to all individual contributors
## Get Started with Ory Polis
There are two ways to integrate Ory Polis into an application. Depending on your use case, you can choose either of them.
1. [As a separate service](https://ory.sh/docs/polis/guides/service) ([Next.js](https://nextjs.org/) application) This includes an admin portal out of the box for managing SSO and Directory Sync connections.
2. [NPM library](https://ory.sh/docs/polis/guides/npm-library) as an embedded library in your application.
### Installation
Head over to the
[Ory Developer Documentation](https://ory.sh/docs/polis/install) to learn
how to install Ory Polis.
## Ecosystem
We build Ory on several guiding principles when it comes to our architecture
design:
- Minimal dependencies
- Runs everywhere
- Scales without effort
- Minimize room for human and network errors
Ory's architecture is designed to run best on a Container Orchestration system
such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are
small (5-15MB) and available for all popular processor types (ARM, AMD64, i386)
and operating systems (FreeBSD, Linux, macOS, Windows) without system
dependencies (Java, Node, Ruby, libxml, ...).
### Ory Kratos: Identity and User Infrastructure and Management
[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User
Management system that is built according to
[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy).
It implements core use cases that almost every software application needs to
deal with: Self-service Login and Registration, Multi-Factor Authentication
(MFA/2FA), Account Recovery and Verification, Profile, and Account Management.
### Ory Hydra: OAuth2 & OpenID Connect Server
[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certifiedâ„¢ OAuth2 and
OpenID Connect Provider which easily connects to any existing identity system by
writing a tiny "bridge" application. It gives absolute control over the user
interface and user experience flows.
### Ory Oathkeeper: Identity & Access Proxy
[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust
Identity & Access Proxy (IAP) with configurable authentication, authorization,
and request mutation rules for your web services: Authenticate JWT, Access
Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the
request; Encode resulting content into custom headers (`X-User-ID`), JSON Web
Tokens and more!
### Ory Keto: Access Control Policies as a Server
[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a
set of access control policies, similar to AWS IAM Policies, in order to
determine whether a subject (user, application, service, car, ...) is authorized
to perform a certain action on a resource.
## End-to-End (E2E) tests
Create a `.env.test.local` file and populate the values. To execute the tests run:
```zsh
npm run test:e2e
```
## Security
### Disclosing vulnerabilities
If you think you found a security vulnerability, please refrain from posting it
publicly on the forums, the chat, or GitHub. You can find all info for
responsible disclosure in our
[security.txt](https://www.ory.sh/.well-known/security.txt).
## Telemetry
Ory's services collect summarized, anonymized data that can optionally be turned
off. Click [here](https://www.ory.sh/docs/ecosystem/sqa) to learn more.
## Documentation
### Guide
The Guide is available [here](https://www.ory.sh/docs/polis).
### HTTP API documentation
The HTTP API is documented [here](https://www.ory.sh/docs/polis/reference/api).
### Upgrading and Changelog
New releases might introduce breaking changes. To help you identify and
incorporate those changes, we document these changes in the
[Releases](https://github.com/ory/polis/releases). For upgrading, please visit the
[upgrade guide](https://ory.sh/docs/polis/upgrade).
## Develop
We encourage all contributions and encourage you to read our
[contribution guidelines](./CONTRIBUTING.md)