Supported Authentication Providers

Customers in a self-hosted environment can configure an environment to use native authentication, one external identity provider, or both native authentication and one external identity provider.

The following external identity providers are supported:

• Microsoft Active Directory (MSAD)

• Lightweight Directory Access Protocol (LDAP)

• Three OpenID Connect (OIDC) identity providers:

  • Azure Active Directory (Azure AD)

  • Okta

  • PingFederate

• SAML 2.0 identity providers (for example, Okta, PingFederate, Active Directory Federation Services [ADFS], and Salesforce)

Customers in a OneStream-hosted environment can use OneStream IdentityServer for authentication. OneStream IdentityServer supports combinations of most OIDC compliant and SAML compliant external identity providers (IdPs) or native authentication coupled with external IdPs. This enhances user authentication by supporting multiple providers in one environment. See the Identity and Access Management Guidefor information about authentication with OneStream IdentityServer.