What identity providers can be used in OutSystems apps?

Table of contents

  1. Identity provider connectors
  2. Extending the platform to connect to other identity providers or protocols

Out-of-the-box OutSystems supports a number of different identity providers and protocols for your apps:

  • Built-in: OutSystems securely stores the user information. Users are authenticated with the built-in authentication mechanism. This is the fastest way to get started since it requires no configuration.
  • Active Directory: When users try to authenticate in an application, the application delegates the authentication to the Active Directory domain controller. Windows integrated authentication using NTLM or Kerberos. This is handled behind the scenes so users don't have to type their credentials.
  • LDAP: When users try to authenticate in an application, the application delegates the authentication to the LDAP server.
  • Azure AD: Uses SAML-based authentication to authenticate the end-users with single sign-on (SSO) provided by the Azure AD Identity Provider.
  • OKTA: Uses SAML-based authentication to authenticate the end-users with single sign-on (SSO) provided by OKTA.
  • SAML 2.0: Uses SAML-based authentication to authenticate the end-users with single sign-on (SSO) provided by any commercial Identity Provider that supports SAML such as OneLogin or PingFederated.

Identity provider connectors


In addition to the built-in authentication connectors, more are available in the forge that can be easily installed. This enables organizations to configure OutSystems authentication mechanisms to work with their enterprise authentication platform. The available connectors support protocols such as OpenID Connect (OIDC) or OAuth2.:

Extending the platform to connect to other identity providers or protocols


If the desired identity provider is not available out-of-the-box or in the Forge, a development team can easily extend the built-in OutSystems authentication flow.

In order to accelerate development, teams can leverage third-party libraries that already implement the desired protocol, and integrate these with the built-in authentication. These libraries may implement complex encoding algorithms, or the full authentication flow.

In order to accelerate development, teams can leverage third-party libraries that already implement the desired protocol, and integrate these with the built-in authentication. These libraries may implement complex encoding algorithms, or the full authentication flow.

OutSystems supports multiple authentication flows. This provides the flexibility for organizations to have different authentication flows for certain applications, or to have one centralized authentication flow for all applications.

Please check the following Learning Course to get specific guidance on how-to extend OutSystems authentication flows.