🔥 Streamline your web application's authentication with Jackson, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩
Ory polis - Open source Enterprise SSO and Directory Sync
Chat |
Discussions |
Newsletter
Guide |
API Docs |
Support this project!
Work in Open Source, Ory is hiring!
Ory Polis - formerly known as BoxyHQ Jackson - bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect, abstracting away all the complexities of the SAML protocol. It also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. Ory Polis also supports OpenID Connect providers.
Ory Polis on the Ory Network
The Ory Network is the fastest, most secure and
worry-free way to use Ory’s Services. SAML & SCIM on Ory Network are powered by Ory Polis.
The Ory Network provides the infrastructure for modern end-to-end security:
- Identity & credential management scaling to billions of users and devices
- Registration, Login and Account management flows for passkey, biometric,
social, SSO and multi-factor authentication - Pre-built login, registration and account management pages and components
- OAuth2 and OpenID provider for single sign on, API access and
machine-to-machine authorization - Low-latency permission checks based on Google’s Zanzibar model and with
built-in support for the Ory Permission Language - SAML, SCIM, and complex Enterprise SSO capabilities
It’s fully managed, highly available, developer & compliance-friendly!
- GDPR-friendly secure storage with data locality
- Cloud-native APIs, compatible with Ory’s Open Source servers
- Comprehensive admin tools with the web-based Ory Console and the Ory Command
Line Interface (CLI) - Extensive documentation, straightforward examples and easy-to-follow guides
- Fair, usage-based pricing
Sign up for a
free developer account
today!
Ory Polis On-premise support
Are you running Ory Polis in a mission-critical, commercial environment? The Ory Enterprise License (OEL) provides enhanced features, security, and expert support directly from the Ory core maintainers.
Organizations that require advanced features, enhanced security, and enterprise-grade support for Ory’s identity and access management solutions benefit from
the Ory Enterprise License (OEL) as a self-hosted, premium offering including:
- Additional features not available in the open-source version.
- Regular releases that address CVEs and security vulnerabilities, with strict SLAs for patching based on severity.
- Support for advanced scaling and multi-tenancy features.
- Premium support options, including SLAs, direct engineer access, and concierge onboarding.
- Access to private Docker registry for a faster, more reliable access to vetted enterprise builds.
A valid Ory Enterprise License and access to the Ory Enterprise Docker Registry are required to use these features. OEL is designed for mission-critical, production, and global applications where organizations need maximum control and flexibility over their identity infrastructure. Ory’s offering is the only official program for qualified support from the maintainers. For more information book a meeting with the Ory team to discuss your needs!
Directory Sync
Ory Polis also supports Directory Sync based on the SCIM 2.0 protocol.
Directory sync helps organizations automate the provisioning and de-provisioning of their users. As a result, it streamlines the user lifecycle management process by saving valuable organizational hours, creating a single truth source of the user identity data, and facilitating them to keep the data secure.
For complete documentation, visit the Ory Polis documentation
- Ory Polis on the Ory Network
- Ory Polis On-premise support
- Directory Sync
- What is Ory Polis?
- Get Started with Ory Polis
- Ecosystem
- End-to-End (E2E) tests
- Security
- Telemetry
- Documentation
- Develop
What is Ory Polis?
Ory Polis - formerly known as BoxyHQ Jackson - is an Enterprise Single Sign-On (SSO) service for SAML and OIDC identity providers.
It implements SSO as an OAuth 2.0 flow, abstracting away the complexities of the underlying SAML or OIDC protocol.
Ory Polis offers a range of features to simplify and secure enterprise SSO:
- SAML/OIDC Enterprise SSO: Implements Single Sign-On for SAML or OIDC Identity Providers, abstracting the underlying protocol
complexities and making it easy to connect with various enterprise identity systems. - OAuth 2.0 flow abstraction: Presents the SSO process as a standard OAuth 2.0 flow. Ideal for developers already familiar with
OAuth 2.0 and OpenID Connect. - Data ownership and control: As an open-source solution, Ory Polis allows you to host the service yourself, ensuring you maintain
full control over your data and your customers’ identity information. - Flexible database support (BYOD): Supports a “Bring Your Own Database” model. This includes built-in compatibility for databases
such as MySQL, MariaDB, Postgres, MongoDB, Redis, and PlanetScale, and works well with databases from major hosting providers. - Modular design: Built with a modular architecture where business logic is separated into distinct controllers, enhancing
flexibility, maintainability, and the ability to adopt features incrementally.
We highly recommend reading the
Ory Polis introduction docs to learn more
about Ory Polis’s background, feature set, and differentiation from other
products.
Who is using it?
The Ory community stands on the shoulders of individuals, companies, and
maintainers. The Ory team thanks everyone involved - from submitting bug reports
and feature requests, to contributing patches and documentation. The Ory
community counts more than 50.000 members and is growing. The Ory stack protects
7.000.000.000+ API requests every day across thousands of companies. None of
this would have been possible without each and everyone of you!
The following list represents companies that have accompanied us along the way
and that have made outstanding contributions to our ecosystem. If you think
that your company deserves a spot here, reach out to
[email protected] now!
| Name | Logo | Website | Case Study |
|---|---|---|---|
| OpenAI |
|
openai.com | OpenAI Case Study |
| Fandom |
|
fandom.com | Fandom Case Study |
| Lumin |
|
luminpdf.com | Lumin Case Study |
| Sencrop |
|
sencrop.com | Sencrop Case Study |
| OSINT Industries |
|
osint.industries | OSINT Industries Case Study |
| HGV |
|
hgv.it | HGV Case Study |
| Maxroll |
|
maxroll.gg | Maxroll Case Study |
| Zezam |
|
zezam.io | Zezam Case Study |
| T.RowePrice |
|
troweprice.com | |
| Mistral |
|
mistral.ai | |
| Axel Springer |
|
axelspringer.com | |
| Hemnet |
|
hemnet.se | |
| Cisco |
|
cisco.com | |
| Presidencia de la RepĂşblica Dominicana |
|
presidencia.gob.do | |
| Moonpig |
|
moonpig.com | |
| Booster |
|
choosebooster.com | |
| Zaptec |
|
zaptec.com | |
| Klarna |
|
klarna.com | |
| Raspberry PI Foundation |
|
raspberrypi.org | |
| Tulip |
|
tulip.com | |
| Hootsuite |
|
hootsuite.com | |
| Segment |
|
segment.com | |
| Arduino |
|
arduino.cc | |
| Sainsbury's |
|
sainsburys.co.uk | |
| Contraste |
|
contraste.com | |
| inMusic |
|
inmusicbrands.com | |
| Buhta |
|
buhta.com | |
| Amplitude |
|
amplitude.com | |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Many thanks to all individual contributors
Get Started with Ory Polis
There are two ways to integrate Ory Polis into an application. Depending on your use case, you can choose either of them.
- As a separate service (Next.js application) This includes an admin portal out of the box for managing SSO and Directory Sync connections.
- NPM library as an embedded library in your application.
Installation
Head over to the
Ory Developer Documentation to learn
how to install Ory Polis.
Ecosystem
We build Ory on several guiding principles when it comes to our architecture
design:
- Minimal dependencies
- Runs everywhere
- Scales without effort
- Minimize room for human and network errors
Ory’s architecture is designed to run best on a Container Orchestration system
such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are
small (5-15MB) and available for all popular processor types (ARM, AMD64, i386)
and operating systems (FreeBSD, Linux, macOS, Windows) without system
dependencies (Java, Node, Ruby, libxml, …).
Ory Kratos: Identity and User Infrastructure and Management
Ory Kratos is an API-first Identity and User
Management system that is built according to
cloud architecture best practices.
It implements core use cases that almost every software application needs to
deal with: Self-service Login and Registration, Multi-Factor Authentication
(MFA/2FA), Account Recovery and Verification, Profile, and Account Management.
Ory Hydra: OAuth2 & OpenID Connect Server
Ory Hydra is an OpenID Certified™ OAuth2 and
OpenID Connect Provider which easily connects to any existing identity system by
writing a tiny “bridge” application. It gives absolute control over the user
interface and user experience flows.
Ory Oathkeeper: Identity & Access Proxy
Ory Oathkeeper is a BeyondCorp/Zero Trust
Identity & Access Proxy (IAP) with configurable authentication, authorization,
and request mutation rules for your web services: Authenticate JWT, Access
Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the
request; Encode resulting content into custom headers (X-User-ID), JSON Web
Tokens and more!
Ory Keto: Access Control Policies as a Server
Ory Keto is a policy decision point. It uses a
set of access control policies, similar to AWS IAM Policies, in order to
determine whether a subject (user, application, service, car, …) is authorized
to perform a certain action on a resource.
End-to-End (E2E) tests
Create a .env.test.local file and populate the values. To execute the tests run:
npm run test:e2e
Security
Disclosing vulnerabilities
If you think you found a security vulnerability, please refrain from posting it
publicly on the forums, the chat, or GitHub. You can find all info for
responsible disclosure in our
security.txt.
Telemetry
Ory’s services collect summarized, anonymized data that can optionally be turned
off. Click here to learn more.
Documentation
Guide
The Guide is available here.
HTTP API documentation
The HTTP API is documented here.
Upgrading and Changelog
New releases might introduce breaking changes. To help you identify and
incorporate those changes, we document these changes in the
Releases. For upgrading, please visit the
upgrade guide.
Develop
We encourage all contributions and encourage you to read our
contribution guidelines