diff --git a/docs/admin/configuration/authentication-and-user-management/index.md b/docs/admin/configuration/authentication-and-user-management/index.md index 5aa4d250..9944e0cb 100644 --- a/docs/admin/configuration/authentication-and-user-management/index.md +++ b/docs/admin/configuration/authentication-and-user-management/index.md 
@@ -4,18 +4,44 @@ title: 'Authentication and Identity Management' # Authentication and Identity Management -OpenCloud employs a dual-track authentication strategy: +OpenCloud offers two ways to handle user authentication: 1. **Built-in IDP (Identity Provider)**: - - Based on LibreGraph Connect (lico) + - Based on LibreGraph Connect (Lico) - Targeted at smaller installations (up to 500 users) - Designed for standalone or small deployments -2. **External Identity Providers**: +2. **External IDP**: - Keycloak as the recommended OIDC provider for larger installations - Support for Azure AD, EntraID, ADFS through Keycloak - Enterprise-focused solution +## Your Use Cases + +### Choose Lico if you need + +- A simple, lightweight and minimal OpenID Connect Provider +- Small to medium deployments +- Minimal resource footprint +- Quick setup with basic features +- Ideal for development environment +- No Multifactor Authentication (MFA) and migration path to other IDPs + +### Choose Keycloak if you need + +- Enterprise-grade IAM solution +- Complex authorization requirements +- Multifactor Authentication +- Advanced user federation +- Fine-grained permissions +- Multiple authentication methods +- Large-scale deployments +- Commercial support options + +### Bottom Line + +Keycloak is a comprehensive, enterprise-ready IAM platform with extensive features including SSO, user federation, and support for multiple protocols like OpenID Connect, OAuth 2.0, and SAML, while Lico is a lightweight OpenID Connect provider with integrated web login and consent forms, designed as a simpler alternative for smaller installations. Keycloak offers more features but requires more resources and expertise, while Lico provides a minimalist approach suitable for basic authentication needs. + ## Authentication with Keycloak For production environments, we recommend using Keycloak with LDAP integration. This setup provides a robust authentication system that can scale to enterprise needs.
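Review bot: Under "Choose Lico if you need", the added bullet "No Multifactor Authentication (MFA) and migration path to other IDPs" is phrased as something the reader needs, but it describes a limitation, and it is unclear whether "No" also covers "migration path to other IDPs". The absence of MFA is a security-relevant constraint that an admin should not miss when choosing an IDP, so I would move it out of the selection list into a separate limitations line and state each item on its own, for example "Lico does not support MFA" and, if that is what is meant, "There is no migration path from Lico to other IDPs". In the same list, "Small to medium deployments" does not match the unchanged "Targeted at smaller installations (up to 500 users)" or the "smaller installations" wording in the Bottom Line paragraph; please use one sizing statement throughout.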