OpenStack Keystone

OpenStackSecurityFree tier available

Identity, authentication, and service-catalogue service — issues tokens, manages users and projects, federates with external identity providers (LDAP, SAML, OIDC), and exposes the service catalogue every other OpenStack project consumes for endpoint discovery

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore OpenStack in TreemapExplore security in HoneycombSee OpenStack regions on the World Map
DocumentationPricing

Sub-services (3)

Domains

Top-level identity boundaries containing projects and users

Federation

SAML2 and OIDC federation with external identity providers

Policies

RBAC policy framework consumed by every service for authorisation

Tags

identityiamsamlldapopen-source

Equivalent services on other platforms

AWS IAMAWS

Centralised identity and access management with users, groups, roles, and fine-grained JSON policies, MFA enforcement, identity federation, and IAM Access Analyzer

Microsoft Entra IDAzure

Cloud identity and access management (formerly Azure AD) with SSO, MFA, conditional access, B2B and B2C guest accounts, and privileged identity management

Cloud IAMGCP

Fine-grained identity and access management with predefined and custom roles, service accounts, workload identity federation, and audit logging

OCI Identity DomainsOracle

Enterprise identity-as-a-service covering workforce and customer identity with federation (SAML, OIDC), social sign-in, MFA, risk-based adaptive authentication, and delegated administration — the rebranded OCI IAM Identity Cloud Service

Pricing

Pricing model:free