Why use an external identity provider?

Using Claris ID to authenticate to Claris Studio and other Claris products allows for a simple, seamless sign-in experience across all products. It's a fantastic option for those without an existing external identity provider (IdP), those looking for quicker deployments of Claris Studio, those for whom an external IdP is unnecessary, or those who need lower administrative overhead and maintenance for managing an external authentication system.

With that said, there are still a few reasons why you may prefer using an external IdP for authentication.

Single sign-on (SSO) and centralized identity management

Your organization may have an existing IdP such as Microsoft Entra ID (formerly Azure AD), Okta, or Google Identity. Using Security Assertion Markup Language (SAML) or OpenID Connect (OIDC) allows users to sign in with their corporate credentials, enabling seamless SSO across multiple applications while maintaining centralized authentication policies.

Enhanced security and compliance

By integrating with an existing IdP, you can enforce stronger multi-factor authentication (MFA), conditional access policies, and security protocols that align with your industry’s compliance requirements (for example, GDPR, HIPAA, or SOC 2).

User provisioning and role management

Using SAML or OIDC, your IT team can automate user provisioning and role assignments based on directory group membership, which can potentially make user management more efficient than manually managing users within Claris Studio.

Federated authentication across multiple applications

If your organization uses multiple business applications, you can federate authentication via SAML or OIDC to reduce the need for multiple sign-in credentials. This can improve the user experience by eliminating the need for users to remember multiple passwords.

Avoiding vendor lock-in

Your business may prefer identity provider flexibility and may not want to rely entirely on Claris ID for authentication. Using SAML or OIDC ensures you can switch identity providers without disrupting authentication across integrated applications.

Custom branding and authentication flow control

With external IdPs, you can customize the sign-in experience, branding, and authentication workflows, for example, custom sign-in pages, social sign-ins, or additional security prompts.

Access control for external or partner users

If you work with external contractors, partners, or customers, then you may prefer to authenticate them via an existing IdP federation setup instead of manually managing access through Claris Studio.

Conclusion

For smaller teams or simpler setups, Claris ID is the most practical choice. Your decision to choose an external IdP that uses either SAML or OIDC over Claris ID will likely be about security, scalability, efficiency, and flexibility. If you have an established identity infrastructure, then it may be more beneficial to use an external IdP for centralized user management, enhanced security policies, and a unified authentication experience across applications.