Skip to main content
Altostrat Identity Provider (IDP) integrations let users log in using their existing accounts—reducing password fatigue and simplifying onboarding. You can configure various OAuth 2.0 or SSO providers to suit your organization’s needs.

Why Use External IDPs?

  • Single Sign-On (SSO): Streamline user authentication with corporate or social accounts.
  • Improved Security: Leverage well-established providers (e.g., Google, Microsoft Azure) with built-in MFA or domain control.
  • Reduced Overhead: Fewer credentials to manage means less admin work for your team.

Supported Identity Providers

ProviderDescription
Google CloudAllow logins with Google accounts (Gmail or corporate Google Workspace).
Microsoft Azure (Entra)Use Azure AD credentials; suits environments with Microsoft 365.
GitHub (IDP)Great for open-source or developer-oriented teams logging in via GitHub.
If you need another provider, Altostrat supports generic OAuth 2.0 setups that may work with Okta, Auth0, or other SSO platforms.

Creating an IDP Instance

1

Open Altostrat Integrations

From the dashboard, navigate to IntegrationsIdentity Providers.
2

Add a New IDP

Click Add or + New. Provide a Name (e.g., “GitHub SSO”).
3

Configure Client Credentials

Enter the Client ID, Client Secret, and any required Tenant/Domain details from your chosen provider. If you’re unsure, see:
4

Callback URL

Ensure the callback https://auth.altostrat.app/callback is registered in your provider’s console.
5

Save & Test

Click Save. Use a test user to attempt an OAuth login. If everything is correct, you’re good to go.

Editing or Removing an IDP

1

Locate the IDP Instance

Under Integrations → Identity Providers, find the one you want to modify.
2

Adjust Credentials or Remove

Update Client Secret if you rotate it, or remove the IDP if you no longer need it.
Deleting an IDP prevents any user relying on that method from logging in. Make sure you have alternative access for administrative tasks if needed.

Best Practices

  • Multiple IDPs: You can enable multiple providers so users can choose how to log in.
  • Policy Enforcement: Ensure you have Roles & Permissions set up for newly created users from any IDP.
  • Failover: Maintain at least one admin account with native Altostrat credentials in case external IDPs have outages or misconfigurations.
If you encounter issues, check the Orchestration Log or contact Altostrat Support for further assistance.
I