The Dynamic Authentication Providers (DAP) feature in Duende IdentityServer (IDS) allows you to dynamically load an OIDC provider from a store during runtime without redeploying the solution.
If you want to load authentication providers in Duende IdentityServer dynamically, you must add each provider's configuration directly to the configuration database.
The DAP feature can be useful in scenarios including:
- Multi-tenant applications: If your application serves multiple tenants, each bringing their own IdP
- Social logins: If you offer social login options, you can use the DAP feature to add new social providers without the need for a restart
Adding providers this way can be painful: entering information into the database by hand is highly error-prone and gives limited feedback. If you are using scripts, you must maintain them and keep them current. Either option can lead to mistakes and isn't reliable when onboarding new providers.
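To illustrate the kind of feedback a hand-written insert script lacks, here is an added example (not part of AdminUI or Duende IdentityServer) that checks an OIDC provider record before it is written to the store. The field names follow the properties of Duende's `OidcProvider` model; the dict shape, the function name, the defaults and the rules themselves are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Field names follow Duende's OidcProvider model; the dict shape, defaults and
# rules below are assumptions for this example, not AdminUI's own validation.
ALLOWED_RESPONSE_TYPES = {"code", "id_token"}

def validate_oidc_provider(record, existing_schemes=()):
    """Return a list of problems; an empty list means the record looks sane."""
    errors = []

    scheme = (record.get("Scheme") or "").strip()
    if not scheme:
        errors.append("Scheme is required")
    elif any(c.isspace() for c in scheme):
        errors.append("Scheme must not contain whitespace")
    elif scheme in set(existing_schemes):
        errors.append(f"Scheme '{scheme}' is already registered")

    authority = (record.get("Authority") or "").strip()
    parts = urlsplit(authority)
    if parts.scheme != "https" or not parts.hostname:
        errors.append("Authority must be an absolute https:// URL")
    elif parts.query or parts.fragment:
        errors.append("Authority must not carry a query string or fragment")

    if not (record.get("ClientId") or "").strip():
        errors.append("ClientId is required")

    response_type = record.get("ResponseType") or "id_token"
    if response_type not in ALLOWED_RESPONSE_TYPES:
        errors.append(f"Unsupported ResponseType '{response_type}'")
    elif response_type == "code" and not record.get("ClientSecret"):
        errors.append("ClientSecret is expected for the code flow")

    if "openid" not in (record.get("Scope") or "openid").split():
        errors.append("Scope must include 'openid'")

    return errors

# Constructed sample records (not real tenants or credentials).
GOOD = {"Scheme": "google", "Authority": "https://accounts.google.com",
        "ClientId": "example-client-id", "ClientSecret": "example-secret",
        "ResponseType": "code", "Scope": "openid profile email"}
BAD = {"Scheme": "google", "Authority": "http://idp.example.test",
       "ClientId": " ", "ResponseType": "code", "Scope": "profile"}

if __name__ == "__main__":
    print(validate_oidc_provider(GOOD))
    print(validate_oidc_provider(BAD, existing_schemes=["google"]))
```

Running such a check before every insert rejects a plain-HTTP authority or a duplicate scheme name up front, rather than leaving the mistake to surface at the first sign-in attempt.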
AdminUI now has the ability to dynamically configure and manage OIDC (OpenID Connect) Identity Providers (IdPs), which you can read about in our release notes.
You can now dynamically add providers in AdminUI. As in other product areas, we provide a guided wizard to ensure you enter the mandatory information to get started.
Currently, we support only OIDC with the AdminUI plugin, so this works only with OIDC-compatible IdPs like Google; SAML IdP support is coming in Q3 2023.
Below is an example diagram of using the DAP feature to provide federated identity with AzureAD: