An identity provider is responsible for securely storing the identities of an application's users. Identity providers are also responsible for verifying user identities with strong authentication methods, in order to authorize users to access the application. An application's security is only as strong as the weakest security practices of its identity provider software; therefore, MindTouch highly recommends the use of a reputable third-party identity provider vendor such as Okta, OneLogin, or Ping Identity.
All MindTouch sites provide a local identity provider that displays the built-in authentication experience, a username/password sign-in form located at Special:UserLogin. The MindTouch Control Panel provides user and group management for this local identity provider.
The sign-in experience for third-party identity providers is not limited to username/password combinations. They can implement multi-factor authentication (MFA), physical keys, or even biometric authentication. An integration between a MindTouch site and a third-party identity provider is referred to as an identity provider service.