What is FoxIDs?
FoxIDs is a Identity Services that easily allows you to implement Identity Management on your websites against a variety of industry standards (OAuth 2.0, OpenID Connect and SAML 2.0) and services like Microsoft, Google and Facebook, etc.
You can use FoxIDs as a Service (SaaS) or Host it yourself
Trusted by
Connect and orchestrate everything!
A tenant is a container, and once you have created your tenant, it's all about environments. Each environment is an Identity Provider (IdP) and it is independent of all the other environments. You build your IdP and set up connections in environments.
Connect environments to compose elements and connections. Support multiple login scenarios and transform user claims as needed.
Customize the user log in with multi-language support.
Authenticate with the user repository in a environment and optionally require MFA.
FoxIDs.com SaaS
Create a tenant with pre-configured test and production environments. You can remove and add more environments as you like.
Self-Hosted
You can deploy in your private cloud on Azure and use FoxIDs to manage your entire security infrastructure.
You will probably only want to configure one main tenant containing your test, QA and production environments.
Depending on the need you can also configure multiple tenants for separation.
| Environments and thus a User Stores | 3 |
5
Up to 10, price |
10
Unlimited, price |
|---|---|---|---|
| Custom Domain | |||
|
Applications and APIs
Web Application (OpenID Connect) Web Application (SAML 2.0) Single Page Application (OpenID Connect) Native Application (OpenID Connect) Backend Service Application (OAuth 2.0 Client) API (OAuth 2.0 Resource) Token Exchange (OAuth 2.0) |
|||
|
Client Authentication Methods
Client Secret Basic Client Secret Post Private Key JWT |
|||
|
Authentication Methods
User Login UI OpenID Provider (OpenID Connect) Identity Provider (SAML 2.0) Token Exchange Trust (OpenID Connect) Token Exchange Trust (SAML 2.0) Token Exchange Trust (OAuth 2.0) Environment Link |
|||
| Customize UI and Language | |||
| Claim Transformations | |||
| Key Vault Managed Certificates |
3
Up to 10, price |
3
Unlimited, price |
|
| Two-Factor Authentication (2FA/MFA) | |||
| Users | 1,000 |
1,000
Unlimited, price |
1,000
Unlimited, price |
| Authentications(1) per month | 5,000 |
5,000
Unlimited, price |
5,000
Unlimited, price |
| Token Requests(2) per month | 5,000 |
5,000
Unlimited, price |
5,000
Unlimited, price |
| Control API Reads per month | 5,000 |
5,000
Unlimited, price |
5,000
Unlimited, price |
| Control API Updates per month | 1,000 |
1,000
Unlimited, price |
1,000
Unlimited, price |
| SLA - Status | 98% | 99.9% | |
| Log Retention | 30 days | 30 days | 180 days |
| Prioritized Email Support | |||
| Consultants | Billed per 30 minutes | Billed per 30 minutes | Billed per 15 minutes with a 10% discount |
| Developer Q&A on Stack Overflow with tag 'foxids' |
If you are in EU outside Denmark, please provide the VAT number to avoid VAT. There is no VAT if you are outside EU. In Denmark the VAT is 25%.
Consultants are billed per 30 minutes at an hourly rate of €250.
Feel free to contact us [email protected], and please write us if you want to change plan.
1) Logins is counted for each environment and therefore counted multiple times if environments is connected. Logins is furthermore rated higher if additional logging is enabled.
2) Token requests is counted in each environment. Token requests can be counted multiple times if environments is connected with OpenID Connect. Token requests is furthermore rated higher if additional logging is enabled.
Free for development, testing, small companies, including personal projects and non-profit educational institutions, source code license.
| Self-Hosted Deployments | 1 | 5 | Unlimited |
|---|---|---|---|
| Tenants | 1 | 5 | Unlimited |
| Environments and thus a User Stores | 5 | Unlimited | Unlimited |
| Custom Domain | |||
|
Applications and APIs
Web Application (OpenID Connect) Web Application (SAML 2.0) Single Page Application (OpenID Connect) Native Application (OpenID Connect) Backend Service Application (OAuth 2.0 Client) API (OAuth 2.0 Resource) Token Exchange (OAuth 2.0) |
|||
|
Client Authentication Methods
Client Secret Basic Client Secret Post Private Key JWT |
|||
|
Authentication Methods
User Login UI OpenID Provider (OpenID Connect) Identity Provider (SAML 2.0) Token Exchange Trust (OpenID Connect) Token Exchange Trust (SAML 2.0) Token Exchange Trust (OAuth 2.0) Environment Link |
|||
| Customize UI and Language | |||
| Claim Transformations | |||
| Key Vault Managed Certificates | |||
| Two-Factor Authentication (2FA/MFA) | |||
| Users | Unlimited | Unlimited | Unlimited |
| Authentications per month | Unlimited | Unlimited | Unlimited |
| Token Requests per month | Unlimited | Unlimited | Unlimited |
| Control API Reads per month | Unlimited | Unlimited | Unlimited |
| Control API Updates per month | Unlimited | Unlimited | Unlimited |
| Log | |||
| Prioritized Email Support | |||
| Consultants | Billed per 30 minutes | Billed per 30 minutes | Billed per 15 minutes with a 10% discount |
| Developer Q&A on Stack Overflow with tag 'foxids' |
If you are in EU outside Denmark, please provide the VAT number to avoid VAT. There is no VAT if you are outside EU. In Denmark the VAT is 25%.
Consultants are billed per 30 minutes at an hourly rate of €250.
Feel free to contact us [email protected].
Why did we develop FoxIDs?
An identity service should include all necessary features to make secure applications and APIs and yet be affordable. The source code for the full feature set should be available. And the identity service should be cloud native and available on FoxIDs.com SaaS with close to full feature set in all plans at a low cost.
Authentication platform with MFA and support for OAuth 2.0, OpenID Connect and SAML 2.0.
SAML 2.0 to OpenID Connect bridge.
Use FoxIDs.com SaaS or deploy in your private cloud on Azure.
Unlimited tenants, environments, users, applications and authentication methods. Unlimited scape in Azure
Features and functions
A look at what's possible with FoxIDs
One single Identity Provider
You can benefit from having FoxIDs as one single identity provider when building applications. Development becomes simpler and more secure by using the same identity provider and security standards across all applications. Single sign-on is easier to achieve and APIs can be called securely from all applications.
FoxIDs will then handle user authentication with username+password and optionally MFA or transfer user ID's from users authenticated in an external identity provider such as Microsoft Entra ID (Azure AD), AD FS, IdentityServer, Google or Facebook or others supporting OpenID Connect or SAML 2.0.
The application can choose how the user should log in by setting a authentication method as a parameter in the URL.
OpenID Connect and SAML 2.0 applications
It is a common scenario to have OpenID Connect and SAML 2.0 applications in a enterprise architecture. You can connect both OpenID Connect and SAML 2.0 applications to FoxIDs and configure shared or separate login experiences.
Both single sign-on (SSO) and single logout is supported across different types of applications. And if a SAML 2.0 application needs to call an OAuth 2.0 secured API the SAML 2.0 token can be exchanged to an access token for the API.
Token Exchange
Tokens should be issued with lease privileges. If an application needs to call multiple APIs or API groups it is a good and secure approach to issue a separate access token for each API or API group. Use zero trust (never trust, always verify), validate that each API request is authenticated and authorized in context of the calling client and the end-user.
Initially a limited access token is issued which is granted access (with audience and scope) to be exchanged with token exchange to different API / API group access tokens with specific audiences and scopes.
The initial access token can be issued on user authentication in an OpenID Connect application or with client credentials grant in an OAuth 2.0 application.
And thereafter be exchanged to other access tokens.
It is recommended to pass the user's identity securely between APIs. With token exchange in an API, it is possible to issue an access token to another API and thereby calling the next API in the context of the end-user.
SAML 2.0 to OpenID Connect bridge
You can use FoxIDs as a SAML 2.0 to OpenID Connect bridge. Where FoxIDs handles the SAML 2.0 traffic to the external Identity Provider (IdP) and your application connects to FoxIDs with OpenID Connect. You basically only need care about OpenID Connect, the SAML 2.0 connection is handled by FoxIDs.
SAML 2.0 is tricky and an old standard with its shortcomings, and therefore it is often a better choice to use OpenID Connect in your application.
NemLog-in or Context Handler to OpenID Connect bridge
You can connect FoxIDs to NemLog-in (Danish IdP) or Context Handler (Danish identity broker, Fælleskommunal Adgangsstyring) without worrying about the complexity. FoxIDs handles everything related to the OIOSAML3 / SAML 2.0 connection and translate to OpenID Connect. The Danish privilege claim with a base64-decoded XML value can also be transfers to a claim with a readable JSON value.
Your application and possible API is then to connect to FoxIDs with OpenID Connect and OAuth 2.0, and the developer doesn't have to worry much about NemLog-in or Context Handler and all the requirements.