Document Polaris Integration with Third-Party Identity Providers (IDPs)

[flyrain]

We need to document how Polaris integrates with third-party Identity Providers (IDPs) to support authentication and authorization workflows.

What to Cover:

Integration Overview

• High-level flow of how Polaris delegates authentication to external IDPs
• Supported protocols (e.g., OIDC, SAML)

Setup Instructions

• Step-by-step guide for integrating with common IDPs (e.g., Okta, Auth0, Azure AD)
• How to register Polaris as a client application with the IDP
• Required configuration fields (e.g., client ID, secret, redirect URIs)
• Polaris-side configuration (env variables, config files, etc.)

Potential Code Changes

• Highlight any parts of Polaris that might require customization or extension for integration
• Where hooks or plugins might be inserted for custom logic

Identifier Sync

• Outline options for syncing user identifiers or roles
  • Manual user provisioning
  • Automatic sync (e.g., via SCIM or IDP claims)
• Best practices for mapping IDP groups/roles to Polaris permissions

[adutra]

This feature is currently not available for Polaris at all, so it's not just a matter of documentation, it's a matter of implementing the feature.

The only way today would be to implement a custom Authenticator and TokenBroker – but with just Polaris OSS code, it's impossible. And implementing a proper authentication layer with OAuth2 token introspection, JWT claim mapping and all that jazz, is not really a trivial task.

This issue is possibly a duplicate of:

#336

Also related:

#12
#441

[flyrain]

It's not only a doc change for sure as complete solution. Given this is highly demanded feature, I think it's still valuable to document workarounds before #441 was implemented. So that users can try to integrate by themselves.

[adutra]

This has been partially addressed by #2013, although that PR does not cover how to setup the IDP for Polaris (users, groups, roles, etc.) or how to integrate with common IDPs (Okta, Azure AD, etc.).

@flyrain is it OK to close this, or do you think we should improve the current docs with the missing items?

cc @markhoerth

[flyrain]

Closed this as #2013 fixed it.

[adutra]

FYI I'm adding a getting-started example: #2244