(My) Identity Crisis: Ory Stack vs Others

Hello! I’ve been trying to find some explanation and guidance in my current task. I understand OAuth2’s flow and objective, as well as OpenID (Connect) layer on top of it. I’m struggling to make sense of the different terminologies regarding Identity (Provider vs Management) and others.

Scenario: The company provides a service for a business, that business has several employees with different ranks, and each can use different systems/softwares/services from the company. The idea is to have a Single-Sign-On system (and also a single identity?), so it’s easy to purge access if necessary. From this description it appears that I need a Customer Identity & Access Management, right?

I came across multiples options, including Ory, Keycloak, IdentityServer, FusionAuth, Gluu, Vault (from HashiCorp), Authelia and Dex. The problem is that they use different terminology, and I’m not sure exactly what I need?

Maybe I need a Federated Identity Management and each service from the company uses it? Can it be done with one of the softwares I mentioned? Or can you recommend another (OSS, self hosted)?

  • Ory doesn’t come with an identity management server (or Identity Provider, what’s the difference?) but it appears to function without it? What am I missing? What can I use it to fill the void?
  • Gluu looks very complete but I don’t see many people talking about it? What’s the deal?
  • Vault is something that looks very powerful, they appear to have identity but I don’t think they do what I need from them? A little bit hackish ?
  • Keycloak looks hard to setup and customize, but might do the job? Some people recommended Ory instead of Keycloak, so I assumed they were equivalent but I’ve seen people saying they are using both ?

Have you ever gone through something similar? I appreciate any bit of knowledge that I can get!

1 Like