Understand Authentication
How Authentication Works
Understand the shared authentication pipeline across all 5 Orchestrator modes — from request interception through session establishment
Choosing a Mode
Compare OIDC Provider, SAML Provider, HTTP Proxy, LDAP Provider, and AI Identity Gateway side-by-side to pick the right mode
Step-by-Step Guides
SSO with OIDC
Configure the Orchestrator as an OIDC Provider — connect your identity provider, define an OIDC app, map claims, and issue tokens to your application
Federate SAML Apps
Federate enterprise SAML applications through the Orchestrator as a SAML Provider — configure connectors, register relying parties, and map assertion attributes
Add SSO to Web Apps
Deploy the Orchestrator as an identity-aware reverse proxy — protect legacy applications with header-based authentication, no code changes required
Modernize LDAP Auth
Configure the Orchestrator as a virtual LDAP directory — authenticate LDAP-dependent applications against modern cloud identity providers
IdP Migration
Migrate between identity providers with zero downtime — configure dual connectors with Continuity-based failover and attribute normalization
Identity Continuity
Set up automatic IdP failover with health monitoring, Schema Abstraction Layer, and simulation testing
Related Pages
OIDC Provider Reference
Complete configuration reference for the Orchestrator’s OIDC Provider mode — claims, scopes, and token settings
Identity Fabric Reference
Supported identity providers and connector configuration for Azure AD, Okta, Auth0, and more
Authorization Reference
Rule-based access control with enforcement behavior, per-mode differences, and real-world patterns
Sessions Reference
Session management, lifetime configuration, and how sessions integrate with authentication
AI Guides
Secure AI agent access to APIs and MCP tools with identity, authorization, and audit