OpenStack Keystone

Name: OpenStack Keystone
Brand: OpenStack

Identity, authentication, and service-catalogue service — issues tokens, manages users and projects, federates with external identity providers (LDAP, SAML, OIDC), and exposes the service catalogue every other OpenStack project consumes for endpoint discovery

FluffyStack tools

Add to Service Builder Add to Compare Compare with equivalents Explore OpenStack in Treemap Explore security in Honeycomb See security as a network Score jurisdiction exposure

Documentation Pricing OpenStack website

Jurisdictional exposure

Provider HQ

NoneAustin, USA (Foundation)

Sovereign option

No sovereign-flagged regions in the catalogue for this service.

Full scorecard for this service →Sovereign cloud coverage map →

Sub-services (3)

Domains

Top-level identity boundaries containing projects and users

Federation

SAML2 and OIDC federation with external identity providers

Policies

RBAC policy framework consumed by every service for authorisation

Equivalent services on other platforms

Alibaba Resource Access ManagementAlibaba

Alibaba Cloud's identity and access management service with users, groups, roles, fine-grained JSON policies, SAML 2.0 federation to enterprise IdPs, and Security Token Service for temporary credentials

AWS IAMAWS

Centralised identity and access management with users, groups, roles, and fine-grained JSON policies, MFA enforcement, identity federation, and IAM Access Analyzer

Amazon CognitoAWS

Customer identity and access management service with User Pools for sign-up and sign-in, Identity Pools for federated AWS credentials, social and SAML/OIDC federation, hosted UI, adaptive authentication, and advanced security risk scoring for consumer-scale apps

Microsoft Entra IDAzure

Cloud identity and access management (formerly Azure AD) with SSO, MFA, conditional access, B2B and B2C guest accounts, and privileged identity management

Unity CatalogDatabricks

Unified governance layer for data, analytics, and AI assets across all Databricks workspaces with fine-grained access control, data lineage, audit logging, and cross-cloud federation

Cloud IAMGCP

Fine-grained identity and access management with predefined and custom roles, service accounts, workload identity federation, and audit logging

Huawei Identity and Access ManagementHuawei

Centralised identity management for Huawei Cloud with users, user groups, role-based and fine-grained policies, federated identity via SAML/OIDC, MFA, and temporary credentials through Security Token Service

OCI Identity DomainsOracle

Enterprise identity-as-a-service covering workforce and customer identity with federation (SAML, OIDC), social sign-in, MFA, risk-based adaptive authentication, and delegated administration — the rebranded OCI IAM Identity Cloud Service

OCI Identity and Access ManagementOracle

Authentication and authorisation primitives for OCI — users, groups, policies, dynamic groups (instance principals), and federation. Policy language is Oracle-specific (more declarative than AWS IAM).

Outscale Identity (EIM)Outscale

Experimental Identity Management — IAM with users, groups, policies, federated access via SAML 2.0 / OIDC. AWS IAM-compatible policy syntax. Multi-factor authentication on the management console; access keys for programmatic use.

Tencent Cloud Access ManagementTencent

Tencent Cloud's identity and access management service with sub-accounts, user groups, roles, fine-grained JSON policies, SAML and OIDC federation, MFA, temporary credentials via Security Token Service, and cross-account role assumption

Pricing

Pricing model:free