Glossary
OpenID Connect (OIDC) is an open identity protocol that builds on top of OAuth 2.0 to add authentication capabilities to its authorization framework. While OAuth issues access tokens to allow delegated access to resources, OIDC issues ID tokens that verify the identity of the user. OIDC enables secure Single Sign-On (SSO) across domains by allowing trusted identity providers (IdPs) to authenticate users and provide verifiable identity claims, such as name, email, role, or group membership, to relying parties (applications or services).
OIDC is widely adopted for web, mobile, and cloud applications due to its simplicity, security, and compatibility with modern identity platforms.
In today’s distributed environments, users often need to access multiple applications across internal, cloud, and partner networks. Managing credentials separately for each system increases security risk and degrades user experience. OpenID Connect solves this by enabling federated authentication, where users can log in once via a trusted identity provider and then access authorized systems without re-entering credentials.
OIDC provides:
For organizations managing critical infrastructure, OIDC can bridge enterprise identity systems (like Active Directory or Okta) with secure access platforms to enable centralized, policy-driven access while preserving security segmentation between IT and OT.
OIDC also supports compliance requirements related to identity assurance, auditability, and least privilege, making it a key enabler of secure access at scale.
Xona integrates with identity providers that support OpenID Connect to authenticate users before granting access to critical infrastructure systems. By leveraging OIDC, Xona ensures that identity verification is performed upstream by a trusted IdP, and that user claims such as roles, groups, or affiliations can be used to drive access control policies.
Once authenticated via OIDC, users are governed by Xona’s fine-grained controls, including role- and time-based access, multi-factor authentication (MFA), credential injection, and session isolation and recording.
This ensures that even though the identity verification is federated, the access enforcement remains local, secure, and fully auditable.
Xona’s support for OIDC enables organizations to unify access control across cloud, IT, and OT domains, supporting Zero Trust strategies and compliance mandates without introducing unnecessary complexity.
OIDC builds on OAuth 2.0 by adding authentication. OIDC issues ID tokens to verify user identity, whereas OAuth only handles authorization via access tokens.
An ID token contains signed identity claims (e.g., username, email, group) that applications use to verify the user’s identity after authentication by the identity provider.
OIDC enables federated authentication across domains, allowing users to log in once through a trusted identity provider and securely access multiple services without repeated credential entry.
Yes, OIDC can federate identity from enterprise systems like Active Directory into secure access platforms that control access to OT and ICS systems.
OIDC ensures every session is based on verified identity claims from a trusted provider, supporting continuous authentication and identity-based access enforcement.
Xona integrates with OIDC-enabled identity providers to authenticate users, then enforces access controls including MFA, RBAC, TBAC, and session isolation, based on verified identity claims.
Originally published December 02, 2025