Chat |
Discussions |
Newsletter
Guide |
API Docs |
Support this project!
Work in Open Source, Ory is hiring!
Ory Polis - formerly known as BoxyHQ Jackson - bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect, abstracting away all the complexities of the SAML protocol. It also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. Ory Polis also supports OpenID Connect providers.
The Ory Network is the fastest, most secure and worry-free way to use Ory's Services. SAML & SCIM on Ory Network are powered by Ory Polis.
The Ory Network provides the infrastructure for modern end-to-end security:
- Identity & credential management scaling to billions of users and devices
- Registration, Login and Account management flows for passkey, biometric, social, SSO and multi-factor authentication
- Pre-built login, registration and account management pages and components
- OAuth2 and OpenID provider for single sign on, API access and machine-to-machine authorization
- Low-latency permission checks based on Google's Zanzibar model and with built-in support for the Ory Permission Language
- SAML, SCIM, and complex Enterprise SSO capabilities
It's fully managed, highly available, developer & compliance-friendly!
- GDPR-friendly secure storage with data locality
- Cloud-native APIs, compatible with Ory's Open Source servers
- Comprehensive admin tools with the web-based Ory Console and the Ory Command Line Interface (CLI)
- Extensive documentation, straightforward examples and easy-to-follow guides
- Fair, usage-based pricing
Sign up for a free developer account today!
Are you running Ory Polis in a mission-critical, commercial environment? The Ory Enterprise License (OEL) provides enhanced features, security, and expert support directly from the Ory core maintainers.
Organizations that require advanced features, enhanced security, and enterprise-grade support for Ory's identity and access management solutions benefit from the Ory Enterprise License (OEL) as a self-hosted, premium offering including:
- Additional features not available in the open-source version.
- Regular releases that address CVEs and security vulnerabilities, with strict SLAs for patching based on severity.
- Support for advanced scaling and multi-tenancy features.
- Premium support options, including SLAs, direct engineer access, and concierge onboarding.
- Access to private Docker registry for a faster, more reliable access to vetted enterprise builds.
A valid Ory Enterprise License and access to the Ory Enterprise Docker Registry are required to use these features. OEL is designed for mission-critical, production, and global applications where organizations need maximum control and flexibility over their identity infrastructure. Ory's offering is the only official program for qualified support from the maintainers. For more information book a meeting with the Ory team to discuss your needs!
Ory Polis also supports Directory Sync based on the SCIM 2.0 protocol.
Directory sync helps organizations automate the provisioning and de-provisioning of their users. As a result, it streamlines the user lifecycle management process by saving valuable organizational hours, creating a single truth source of the user identity data, and facilitating them to keep the data secure.
For complete documentation, visit the Ory Polis documentation
- Ory Polis on the Ory Network
- Ory Polis On-premise support
- Directory Sync
- What is Ory Polis?
- Get Started with Ory Polis
- Ecosystem
- End-to-End (E2E) tests
- Security
- Telemetry
- Documentation
- Develop
Ory Polis - formerly known as BoxyHQ Jackson - is an Enterprise Single Sign-On (SSO) service for SAML and OIDC identity providers. It implements SSO as an OAuth 2.0 flow, abstracting away the complexities of the underlying SAML or OIDC protocol. Ory Polis offers a range of features to simplify and secure enterprise SSO:
- SAML/OIDC Enterprise SSO: Implements Single Sign-On for SAML or OIDC Identity Providers, abstracting the underlying protocol complexities and making it easy to connect with various enterprise identity systems.
- OAuth 2.0 flow abstraction: Presents the SSO process as a standard OAuth 2.0 flow. Ideal for developers already familiar with OAuth 2.0 and OpenID Connect.
- Data ownership and control: As an open-source solution, Ory Polis allows you to host the service yourself, ensuring you maintain full control over your data and your customers' identity information.
- Flexible database support (BYOD): Supports a "Bring Your Own Database" model. This includes built-in compatibility for databases such as MySQL, MariaDB, Postgres, MongoDB, Redis, and PlanetScale, and works well with databases from major hosting providers.
- Modular design: Built with a modular architecture where business logic is separated into distinct controllers, enhancing flexibility, maintainability, and the ability to adopt features incrementally.
We highly recommend reading the Ory Polis introduction docs to learn more about Ory Polis's background, feature set, and differentiation from other products.
The Ory community stands on the shoulders of individuals, companies, and maintainers. The Ory team thanks everyone involved - from submitting bug reports and feature requests, to contributing patches and documentation. The Ory community counts more than 50.000 members and is growing. The Ory stack protects 7.000.000.000+ API requests every day across thousands of companies. None of this would have been possible without each and everyone of you!
The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our ecosystem. If you think that your company deserves a spot here, reach out to office@ory.sh now!
| Name | Logo | Website | Case Study |
|---|---|---|---|
| OpenAI |
|
openai.com | OpenAI Case Study |
| Fandom |
|
fandom.com | Fandom Case Study |
| Lumin |
|
luminpdf.com | Lumin Case Study |
| Sencrop |
|
sencrop.com | Sencrop Case Study |
| OSINT Industries |
|
osint.industries | OSINT Industries Case Study |
| HGV |
|
hgv.it | HGV Case Study |
| Maxroll |
|
maxroll.gg | Maxroll Case Study |
| Zezam |
|
zezam.io | Zezam Case Study |
| T.RowePrice |
|
troweprice.com | |
| Mistral |
|
mistral.ai | |
| Axel Springer |
|
axelspringer.com | |
| Hemnet |
|
hemnet.se | |
| Cisco |
|
cisco.com | |
| Presidencia de la República Dominicana |
|
presidencia.gob.do | |
| Moonpig |
|
moonpig.com | |
| Booster |
|
choosebooster.com | |
| Zaptec |
|
zaptec.com | |
| Klarna |
|
klarna.com | |
| Raspberry PI Foundation |
|
raspberrypi.org | |
| Tulip |
|
tulip.com | |
| Hootsuite |
|
hootsuite.com | |
| Segment |
|
segment.com | |
| Arduino |
|
arduino.cc | |
| Sainsbury's |
|
sainsburys.co.uk | |
| Contraste |
|
contraste.com | |
| inMusic |
|
inmusicbrands.com | |
| Buhta |
|
buhta.com | |
| Amplitude |
|
amplitude.com | |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Many thanks to all individual contributors
There are two ways to integrate Ory Polis into an application. Depending on your use case, you can choose either of them.
- As a separate service (Next.js application) This includes an admin portal out of the box for managing SSO and Directory Sync connections.
- NPM library as an embedded library in your application.
Head over to the Ory Developer Documentation to learn how to install Ory Polis.
We build Ory on several guiding principles when it comes to our architecture design:
- Minimal dependencies
- Runs everywhere
- Scales without effort
- Minimize room for human and network errors
Ory's architecture is designed to run best on a Container Orchestration system such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) and operating systems (FreeBSD, Linux, macOS, Windows) without system dependencies (Java, Node, Ruby, libxml, ...).
Ory Kratos is an API-first Identity and User Management system that is built according to cloud architecture best practices. It implements core use cases that almost every software application needs to deal with: Self-service Login and Registration, Multi-Factor Authentication (MFA/2FA), Account Recovery and Verification, Profile, and Account Management.
Ory Hydra is an OpenID Certifiedâ„¢ OAuth2 and OpenID Connect Provider which easily connects to any existing identity system by writing a tiny "bridge" application. It gives absolute control over the user interface and user experience flows.
Ory Oathkeeper is a BeyondCorp/Zero Trust
Identity & Access Proxy (IAP) with configurable authentication, authorization,
and request mutation rules for your web services: Authenticate JWT, Access
Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the
request; Encode resulting content into custom headers (X-User-ID), JSON Web
Tokens and more!
Ory Keto is a policy decision point. It uses a set of access control policies, similar to AWS IAM Policies, in order to determine whether a subject (user, application, service, car, ...) is authorized to perform a certain action on a resource.
Create a .env.test.local file and populate the values. To execute the tests run:
npm run test:e2eIf you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub. You can find all info for responsible disclosure in our security.txt.
Ory's services collect summarized, anonymized data that can optionally be turned off. Click here to learn more.
The Guide is available here.
The HTTP API is documented here.
New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in the Releases. For upgrading, please visit the upgrade guide.
We encourage all contributions and encourage you to read our contribution guidelines
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
