Identity & Policy / Identity Provider (IdP)
FR EN

Identity & Policy

Identity Provider (IdP)

Source of authority for human identities: it authenticates people and federates access to AI systems (OIDC, SAML, MFA).

Plane
Identity & Policy
Flow steps
2 · 3
Frameworks
NIST 800-53 · 800-207 · OWASP LLM06 · Anthropic ZTA

Technology

Why use it

Centralize user authentication and federate access, instead of managing accounts and passwords in every application.

Why it matters to security

Shrinks the authentication attack surface to a single hardened point: MFA, conditional access and revocation are applied once, everywhere.

Implementations OktaMicrosoft Entra IDPing IdentityKeycloakDuende IdentityServer

Identity is the new perimeter: no AI resource is reached without an authenticated, verified identity.

Recommendations by maturity tier

Hover a recommendation for its explanation · each one carries its control number

Foundation

Minimum viable baseline
  • Centralized authentication via a single IdP; remove local accounts.
    NIST 800-53 IA-2 · IA-8 · AC-2
    A single authentication point eliminates shadow identities and scattered secrets, and gives one place to cut access.
  • MFA required for all access to AI systems.
    NIST 800-53 IA-2(1)
    Passwords alone resist neither phishing nor credential stuffing; MFA breaks reuse of a stolen secret.
  • Standard authentication protocols (OIDC / OAuth 2.0 / SAML).
    NIST 800-53 IA-8
    Standardized federation avoids home-grown integrations, a classic source of auth flaws.

Enterprise

Enterprise standard
  • Conditional access based on device posture and sign-in risk.
    NIST 800-53 AC-2(12) · SI-4 · IA-2
    The same user should not get the same rights from a healthy managed device and from an unknown risky one.
  • Phishing-resistant MFA (FIDO2 / passkeys).
    NIST 800-53 IA-2(1) · IA-2(2)
    One-time codes remain phishable; origin-bound keys (WebAuthn) do not.
  • Automated identity lifecycle (SCIM provisioning / deprovisioning).
    NIST 800-53 AC-2
    Automatic deprovisioning immediately closes the orphaned-account window after a departure.

Advanced

High-assurance / regulated
  • Continuous Access Evaluation (CAE) with near real-time revocation.
    NIST 800-53 AC-12NIST 800-207 §3.3
    A valid session stops being valid the moment a risk signal appears, without waiting for token expiry.
  • Identity-compromise detection wired to SIEM / SOAR.
    NIST 800-53 SI-4 · AC-2(12)
    Impossible-travel or anomalous logins trigger automated response rather than an ignored alert.
  • Access policies as code, tested and versioned.
    NIST 800-53 CM-3
    Treating access as code makes changes reviewed, traceable and reversible.

Architecture notes

  • Wire the IdP to the PDP; don't let it decide alone.details ▸
    The IdP authenticates; the PDP authorizes.
    Passing posture and risk from the IdP to the PDP enables a context-aware authorization decision instead of plain 'logged in = allowed'.

References

NIST SP 800-53 Rev5
IA-2 (Identification & Authentication), IA-8 (Non-org users), AC-2 (Account Management), AC-12 (Session Termination), SI-4 (System Monitoring).
NIST SP 800-207
§3.3 — continuous diagnostics and continuous access evaluation.
Anthropic ZTA
Strong human-identity authentication as the foundation of Zero-Trust for AI.

Abbreviations

PDP
Policy Decision Point
PEP
Policy Enforcement Point
PIP
Policy Information Point
PAP
Policy Administration Point
IdP
Identity Provider
TSS
Token Service
NHI
Non-Human Identity
RBAC
Role-Based Access Control
ABAC
Attribute-Based Access Control
MFA
Multi-Factor Authentication
HITL
Human-in-the-loop
JIT
Just-In-Time
CAE
Continuous Access Evaluation
CAEP
Continuous Access Evaluation Profile
DPoP
Demonstrating Proof-of-Possession
mTLS
mutual TLS
PII
Personally Identifiable Information
KMS
Key Management Service
CI/CD
Continuous Integration / Continuous Delivery
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation and Response
SCIM
System for Cross-domain Identity Management
XACML
eXtensible Access Control Markup Language
OPA
Open Policy Agent
OWASP
Open Worldwide Application Security Project
NIST
National Institute of Standards and Technology
ATLAS
Adversarial Threat Landscape for Artificial-Intelligence Systems
LLM
Large Language Model
WAF
Web Application Firewall
CDN
Content Delivery Network
DDoS
Distributed Denial of Service
DLP
Data Loss Prevention
JWT
JSON Web Token
API
Application Programming Interface
CRS
Core Rule Set (OWASP)
RAG
Retrieval-Augmented Generation
MCP
Model Context Protocol
PBAC
Permission-Based Access Control
HSM
Hardware Security Module
UEBA
User and Entity Behavior Analytics
SBOM
Software Bill of Materials
SLSA
Supply-chain Levels for Software Artifacts
WORM
Write Once, Read Many
SPIFFE
Secure Production Identity Framework For Everyone