OpenID Connect (OIDC) is an open identity protocol that builds on top of OAuth 2.0 to add authentication capabilities to its authorization framework. While OAuth issues access tokens to allow delegated access to resources, OIDC issues ID tokens that verify the identity of the user. OIDC enables secure Single Sign-On (SSO) across domains by allowing trusted identity providers (IdPs) to authenticate users and provide verifiable identity claims, such as name, email, role, or group membership, to relying parties (applications or services).
OIDC is widely adopted for web, mobile, and cloud applications due to its simplicity, security, and compatibility with modern identity platforms.
In today’s distributed environments, users often need to access multiple applications across internal, cloud, and partner networks. Managing credentials separately for each system increases security risk and degrades user experience. OpenID Connect solves this by enabling federated authentication, where users can log in once via a trusted identity provider and then access authorized systems without re-entering credentials.
OIDC provides:
For organizations managing critical infrastructure, OIDC can bridge enterprise identity systems (like Active Directory or Okta) with secure access platforms to enable centralized, policy-driven access while preserving security segmentation between IT and OT.
OIDC also supports compliance requirements related to identity assurance, auditability, and least privilege, making it a key enabler of secure access at scale.
Xona integrates with identity providers that support OpenID Connect to authenticate users before granting access to critical infrastructure systems. By leveraging OIDC, Xona ensures that identity verification is performed upstream by a trusted IdP, and that user claims such as roles, groups, or affiliations can be used to drive access control policies.
Once authenticated via OIDC, users are governed by Xona’s fine-grained controls, including role- and time-based access, multi-factor authentication (MFA), credential injection, and session isolation and recording.
This ensures that even though the identity verification is federated, the access enforcement remains local, secure, and fully auditable.
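The split described above (identity asserted by the IdP, access decided locally) can be sketched as a relying-party check. This is an added example, not Xona's code or API: the issuer, client ID, secret, `groups` claim name and group-to-role table are all assumptions, and HS256 (keyed with the client secret) is used only so the sample runs offline with the standard library.

```python
import base64, hashlib, hmac, json, time

# Assumed values for illustration; none come from the page or from any product.
ISSUER = "https://idp.example.com"
CLIENT_ID = "remote-access-gateway"
CLIENT_SECRET = b"constructed-demo-secret"   # HS256 key shared with the IdP
GROUP_TO_ROLE = {"ot-engineers": "operator", "ot-auditors": "viewer"}  # local policy

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, alg="HS256", key=CLIENT_SECRET):
    """Build a constructed ID token so the example runs offline."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_id_token(token, nonce, now=None):
    """Relying-party checks: pinned alg, signature, iss, aud, exp, nonce."""
    head, body, sig = token.split(".")
    if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the alg; reject "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims

def local_roles(claims):
    """Map IdP group claims to local roles; unmapped groups grant nothing."""
    return sorted({GROUP_TO_ROLE[g] for g in claims.get("groups", []) if g in GROUP_TO_ROLE})

if __name__ == "__main__":
    demo = make_token({"iss": ISSUER, "aud": CLIENT_ID, "exp": time.time() + 300,
                       "nonce": "n-1", "sub": "u1", "groups": ["ot-engineers", "it-helpdesk"]})
    print(local_roles(validate_id_token(demo, "n-1")))
```

With an IdP that signs ID tokens asymmetrically, the signature step would instead verify against the IdP's published keys; the claim checks and the deny-by-default role mapping stay the same.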
Xona’s support for OIDC enables organizations to unify access control across cloud, IT, and OT domains, supporting Zero Trust strategies and compliance mandates without introducing unnecessary complexity.