
It sounds like you’re conflating IDPs with other technology.

Istio is a service mesh that can be used to bolt on a proxy that requires authz/authn, but Istio itself is not managing the users or groups. It communicates with whatever IDP was chosen.

I recommend first deciding on which protocol you wish to use for authn/authz.

Some choices are:

- OIDC

- SAML

- OAuth

Most of the protocols have different configuration strategies depending on the application (i.e., mobile vs CLI tool vs webapp).

The protocols will enable you to create an RBAC system, but the actual implementation of RBAC is done application side, not within the IDP.

One of the biggest factors in choosing a solution will be cost. SaaS IDPs become incredibly expensive at social media level of scale (10k+ users).

Personally I recommend starting out in a SaaS IDP and migrating your users to a self-hosted service later if needed. As long as you leverage a well-supported protocol the migration shouldn’t be _too_ difficult.
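
The split described in the comment above (the IDP asserts who the user is, the application decides what they may do), as an added example that is not part of the original comment. It assumes an OIDC library has already verified the ID token signature, and that the IDP emits a non-standard `groups` claim; the issuer, client id, group names and permission strings are all hypothetical.

```python
import time

# Hypothetical application-side policy. The IDP only asserts identity and
# group membership; the mapping to roles and permissions lives in the app.
GROUP_TO_ROLE = {"eng-admins": "admin", "eng": "editor", "everyone": "viewer"}
ROLE_PERMISSIONS = {
    "admin": {"post:read", "post:write", "user:manage"},
    "editor": {"post:read", "post:write"},
    "viewer": {"post:read"},
}
EXPECTED_ISSUER = "https://idp.example.test"  # placeholder issuer
EXPECTED_AUDIENCE = "my-webapp"               # placeholder client id

# Constructed sample of decoded ID token claims (signature assumed verified).
SAMPLE_CLAIMS = {
    "iss": EXPECTED_ISSUER, "aud": "my-webapp", "sub": "user-123",
    "exp": 2000, "groups": ["eng", "unknown-team"],
}


def roles_from_claims(claims, now=None):
    """Map verified ID token claims to application roles, failing closed."""
    now = time.time() if now is None else now
    # Re-check the claims that bind the token to this application.
    if claims.get("iss") != EXPECTED_ISSUER:
        return set()
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in audiences:
        return set()
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return set()
    groups = claims.get("groups", [])
    if not isinstance(groups, list):
        return set()
    # Groups the application does not know about grant nothing.
    return {GROUP_TO_ROLE[g] for g in groups
            if isinstance(g, str) and g in GROUP_TO_ROLE}


def is_allowed(claims, permission, now=None):
    """Deny by default: allow only if some mapped role holds the permission."""
    roles = roles_from_claims(claims, now)
    return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in roles)
```

Because the role and permission tables are owned by the application, moving to a different IDP only requires that the new one emit the same group claim.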


