Identity Provider Federation

Abyss

Key capabilities

OAuth2 & OIDC

Connect any OAuth2 or OpenID Connect provider — Google, GitHub, Discord, Azure AD, or a custom corporate IdP.

Auto Provisioning

New users are automatically created in FerrisKey on first federation login — no manual user creation required.

Account Linking

A user can link multiple providers to the same FerrisKey account — Google and GitHub pointing to one identity.

Attribute Mapping

Map external claims (email, name, preferred_username) to FerrisKey user fields with required/optional rules.

Secret Encryption

Client secrets are encrypted at rest and never exposed in plaintext through the admin API.

Per-Realm Config

Each realm has its own provider registry. Isolate SSO configuration between tenants or environments.

How it works

1. User chooses provider

On the login page, the user selects an external provider (e.g. "Sign in with Google").

2. Redirected to IdP

FerrisKey builds the OAuth2 authorization URL and redirects the user to the external provider.

3. Callback processed

The IdP redirects back with an authorization code. Abyss exchanges it for tokens and fetches user attributes.

4. User provisioned

Abyss matches or creates a FerrisKey user, applies attribute mappings, and issues FerrisKey tokens.
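
The provisioning step above, together with attribute mapping and account linking, sketched as an added example; it is not FerrisKey or Abyss code. The mapping table, the `UserStore` class, the user id format, and matching on the `(provider, sub)` pair are assumptions made for illustration.

```python
# Added illustration; not FerrisKey/Abyss code. All names here are hypothetical.
from dataclasses import dataclass, field

# Assumed mapping rules: external claim -> (local user field, required?)
MAPPING = {
    "email": ("email", True),
    "preferred_username": ("username", True),
    "name": ("display_name", False),
}

class MappingError(ValueError):
    """Raised when a federated login cannot be mapped to a user."""

def map_claims(claims, mapping=MAPPING):
    """Apply required/optional rules; fail closed on a missing required claim."""
    mapped = {}
    for claim, (target, required) in mapping.items():
        value = claims.get(claim)
        if isinstance(value, str) and value.strip():
            mapped[target] = value.strip()
        elif required:
            raise MappingError(f"missing required claim: {claim}")
    return mapped

@dataclass
class UserStore:
    users: dict = field(default_factory=dict)  # user_id -> mapped attributes
    links: dict = field(default_factory=dict)  # (provider, sub) -> user_id

    def federated_login(self, provider, claims):
        """Match on the stable (provider, sub) pair, else auto-provision."""
        sub = claims.get("sub")
        if not sub:
            raise MappingError("missing subject identifier")
        attrs = map_claims(claims)  # validate before touching any state
        user_id = self.links.get((provider, sub))
        created = user_id is None
        if created:
            user_id = f"user-{len(self.users) + 1}"
            self.links[(provider, sub)] = user_id
        self.users.setdefault(user_id, {}).update(attrs)
        return user_id, created

    def link(self, user_id, provider, sub):
        """Account linking: attach another provider identity to a user."""
        if user_id not in self.users or (provider, sub) in self.links:
            raise MappingError("unknown user or identity already linked")
        self.links[(provider, sub)] = user_id
```

Matching on the subject identifier rather than on email keeps a provider that returns an unverified address from attaching to an existing account.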

Ready to use Abyss?

Full reference, configuration options, and examples in the documentation.