Soffid IAM
Soffid combines identity governance and access management in one platform: it issues tokens and assertions for web SSO (OIDC/OAuth 2.0 and SAML 2.0), integrates with enterprise directories, and automates identity lifecycle through connectors (including SCIM). It supports federation patterns in which Soffid acts as the IdP or brokers to external OIDC/SAML IdPs, and documents the UI flows for registering SAML and OIDC service providers.
Key Capabilities
- Standards-based federation (IdP/broker): the Soffid IdP implements OpenID Connect and SAML 2.0; administrators can register both SAML and OIDC Service Providers and enable bridging between the two protocols (e.g., OIDC-to-SAML cookie exchange).
- External IdP support: Soffid can delegate authentication to external OAuth/OIDC or SAML IdPs (e.g., Google, AD FS) and then issue SAML assertions to downstream Service Providers.
- Provisioning and connectors: offers a SCIM connector for outbound provisioning to SCIM-enabled targets, plus a connector catalog for directory, HR, and application integrations.
- Privileged Access Management (PAM): includes a password vault for shared and privileged accounts and a published PAM implementation guide.
Limitations
- Advanced OAuth profiles: public documentation covers core OIDC/OAuth 2.0; it does not provide enough information to confirm support for Pushed Authorization Requests (PAR), DPoP sender-constrained tokens, mTLS-bound access tokens, or a FAPI profile. Confirm these with the vendor before designing a high-assurance client around them.
- SCIM directionality: documentation confirms a SCIM connector that acts as a SCIM client (outbound provisioning to targets). There is no clear confirmation of a general-purpose inbound SCIM 2.0 provider, i.e., Soffid as the SCIM server, with published schemas and endpoints.
- Federation depth and bridging: OIDC↔SAML bridging and IdP chaining are documented, but administrators should validate single logout, session lifetime and handling, and attribute mapping end to end in multi-IdP topologies before relying on them.
- Operational scope: although Soffid offers cloud hosting, many components (PAM, connectors, federation) still require manual configuration, governance design, and ongoing management, unlike fully managed SaaS IdPs.
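The two "not confirmed by public documentation" items above (advanced OAuth profiles, inbound SCIM) can be checked against a live deployment from the metadata it publishes rather than from vendor pages. The following Python is an added example written for this page; it is not Soffid code and does not use any Soffid API. It interprets a constructed OpenID discovery document and a constructed SCIM `ServiceProviderConfig` body; the metadata key names come from RFC 9126 (PAR), RFC 9449 (DPoP), RFC 8705 (mTLS-bound tokens) and RFC 7643 (SCIM), not from Soffid documentation, and the issuer `idp.example.test` and sample values are assumptions. Against a real deployment you would fetch `<issuer>/.well-known/openid-configuration` and `<scim-base>/ServiceProviderConfig` (for example with curl) and pass the response bodies in.

```python
import json
from typing import Optional

# Metadata key names are taken from the standards, not from Soffid docs.
PAR_ENDPOINT = "pushed_authorization_request_endpoint"        # RFC 9126 s.5
PAR_REQUIRED = "require_pushed_authorization_requests"        # RFC 9126 s.5
DPOP_ALGS = "dpop_signing_alg_values_supported"               # RFC 9449 s.5.1
MTLS_BOUND = "tls_client_certificate_bound_access_tokens"     # RFC 8705 s.3.3
MTLS_ALIASES = "mtls_endpoint_aliases"                        # RFC 8705 s.5
SCIM_SPC_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"  # RFC 7643 s.5


def oauth_profile_support(discovery: dict) -> dict:
    """Report which advanced OAuth profiles an issuer advertises.

    A missing key means 'not advertised', which is not the same as
    'unsupported': treat False as 'confirm with the vendor', not as a verdict.
    """
    if "issuer" not in discovery or "token_endpoint" not in discovery:
        raise ValueError("not an OAuth/OIDC discovery document")
    return {
        "issuer": discovery["issuer"],
        "par": isinstance(discovery.get(PAR_ENDPOINT), str),
        "par_required": discovery.get(PAR_REQUIRED) is True,
        "dpop": bool(discovery.get(DPOP_ALGS)),
        "mtls_bound_tokens": discovery.get(MTLS_BOUND) is True,
        "mtls_endpoint_aliases": bool(discovery.get(MTLS_ALIASES)),
    }


def scim_provider_support(body: Optional[str]) -> dict:
    """Interpret a GET /ServiceProviderConfig body (RFC 7643 s.5).

    None (HTTP 404) or a body without the ServiceProviderConfig schema URN
    means no inbound SCIM 2.0 provider is exposed at that base URL.
    """
    if body is None:
        return {"inbound_scim": False, "reason": "no ServiceProviderConfig"}
    try:
        spc = json.loads(body)
    except json.JSONDecodeError:
        return {"inbound_scim": False, "reason": "non-JSON response"}
    if SCIM_SPC_SCHEMA not in spc.get("schemas", []):
        return {"inbound_scim": False, "reason": "missing ServiceProviderConfig schema URN"}
    auth = [s.get("type") for s in spc.get("authenticationSchemes", [])]
    return {
        "inbound_scim": True,
        "patch": spc.get("patch", {}).get("supported", False),
        "bulk": spc.get("bulk", {}).get("supported", False),
        "filter": spc.get("filter", {}).get("supported", False),
        "auth_schemes": auth,
        # A provisioning API that also accepts HTTP Basic is a review finding.
        "bearer_only": bool(auth) and all(a == "oauthbearertoken" for a in auth),
    }


# Constructed sample: an issuer advertising only core OIDC metadata, which is
# the situation the limitation above describes (not captured from Soffid).
CORE_ONLY_DISCOVERY = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "jwks_uri": "https://idp.example.test/jwks",
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Constructed sample: the same issuer if it did advertise the advanced profiles.
FAPI_DISCOVERY = dict(CORE_ONLY_DISCOVERY, **{
    PAR_ENDPOINT: "https://idp.example.test/par",
    PAR_REQUIRED: True,
    DPOP_ALGS: ["ES256"],
    MTLS_BOUND: True,
    MTLS_ALIASES: {"token_endpoint": "https://mtls.idp.example.test/token"},
})

# Constructed sample /ServiceProviderConfig body from a SCIM 2.0 server.
SCIM_SPC_BODY = json.dumps({
    "schemas": [SCIM_SPC_SCHEMA],
    "patch": {"supported": True},
    "bulk": {"supported": False, "maxOperations": 0, "maxPayloadSize": 0},
    "filter": {"supported": True, "maxResults": 200},
    "authenticationSchemes": [{"type": "oauthbearertoken", "name": "OAuth Bearer Token"}],
})

if __name__ == "__main__":
    for label, result in [
        ("core-only issuer", oauth_profile_support(CORE_ONLY_DISCOVERY)),
        ("issuer with PAR/DPoP/mTLS", oauth_profile_support(FAPI_DISCOVERY)),
        ("SCIM server present", scim_provider_support(SCIM_SPC_BODY)),
        ("SCIM endpoint 404", scim_provider_support(None)),
    ]:
        print(label, json.dumps(result, indent=2))
```

The check is deliberately one-directional: advertised metadata proves the feature is exposed, but its absence only tells you the deployment does not announce it, which is exactly the state the limitation above describes. For SCIM, a 404 on `/ServiceProviderConfig` (or a body without the schema URN) is the practical test for "no inbound SCIM server", and the returned `authenticationSchemes` tells you whether the provisioning API can be called with anything weaker than a bearer token.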