An identity provider is responsible for securely storing the identities of an application's users. Identity providers are also responsible for verifying user identities with strong authentication methods, in order to authorize users to access the application. An application's security is only as strong as the weakest security practices of the identity provider software; therefore, MindTouch highly recommends the use of a reputable third-party identity provider vendor such as Okta, OneLogin, or Ping Identity.
All MindTouch sites provide a local identity provider that displays the built-in authentication experience, a username/password sign-in form.
The sign-in experience for third-party identity providers is not limited to username/password combinations. They can implement multi-factor authentication (MFA), physical keys, or even biometric authentication. An integration between a MindTouch site and a third-party identity provider is referred to as an identity provider service.