Stop configuring each app for each provider. Identity Hub sits in the middle — it normalizes, transforms, and routes identity from any IdP to any Service Provider, with fully custom claims.
Stop rebuilding identity integrations for every application. The Hub maps the exact claim to each need — you define the policy, it handles the rest.
Identity Providers
IDENTITY HUB
Service Providers
Every team feels it. Most just live with it.
Each app must be configured N times — once per identity provider. When you add a new IdP, you reconfigure every app. When a provider changes, you touch everything.
N × M configurations
Azure sends `userPrincipalName`, Google sends `email`, Okta sends `login`. Each IdP speaks a different dialect. Your apps suffer the incompatibilities.
Incompatible vocabularies
Migrating from Azure to Okta means touching every app, every SP, every integration. Projects that last months. Risk of regression everywhere.
Months of migration
The trio that transforms identity
OIDC or SAML — Azure AD, Okta, Google Workspace, LDAP. All at once, without limits. Each provider registers once in the Hub.
One-time setup
match_rules: which provider + which group. claim_mappings: what each app receives. A policy is the bridge between your providers and your Service Providers.
Zero app changes
Fully custom claims per SP. The VPN gets `role + device_compliant`. The ERP gets `email + cost_center + manager`. The app doesn't know which IdP authenticated the user.
Custom vocabulary
Not another IdP. The broker between all your IdPs and all your apps.
N external providers, one single SP endpoint. The policy routes and normalizes. Apps stay blissfully unaware of your provider landscape.
Each application receives exactly the claims it needs. Its own vocabulary, not the IdP's. Define mappings once, reuse forever.
match_rules + claim_mappings. Change the policy, not the app. Add a new provider without touching a single SP configuration.
If Azure goes down, Okta takes over automatically. No manual intervention. Your users don't notice. Your apps don't notice.
Every authentication logged: who, from which provider, which claims were emitted, result. Compliance-ready out of the box.
Manage dozens of clients from a single panel. Each with their own providers, SPs and policies. Full isolation.
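The match_rules + claim_mappings model described above, sketched as an added example; this is not Identity Hub's code or configuration format. The policy schema, the `@id` marker, the `emit_claims` function and all sample values are hypothetical and constructed; only the claim names come from the page. It shows the two properties worth checking in any claims broker: each SP receives only its mapped claims, and anything unmatched fails closed.

```python
# Added illustration; the schema below is hypothetical, not Identity Hub's format.
# Each IdP names the login identifier differently (claim names from the page).
ID_CLAIM = {"azure": "userPrincipalName", "google": "email", "okta": "login"}

# Constructed policies: match_rules select provider + group; claim_mappings
# give, per Service Provider, output claim name -> source attribute.
# "@id" (hypothetical marker) means "the IdP's own identifier claim".
POLICIES = [
    {"match_rules": {"provider": "azure", "group": "employees"},
     "claim_mappings": {
         "vpn": {"role": "role", "device_compliant": "device_compliant"},
         "erp": {"email": "@id", "cost_center": "cost_center",
                 "manager": "manager"}}},
    {"match_rules": {"provider": "google", "group": "contractors"},
     "claim_mappings": {
         "vpn": {"role": "role", "device_compliant": "device_compliant"}}},
]

class PolicyError(Exception):
    """No policy authorizes this request; the broker emits nothing."""

def emit_claims(provider, idp_claims, sp):
    """Return only the claims the matching policy maps for this SP."""
    id_claim = ID_CLAIM.get(provider)
    if id_claim is None or not idp_claims.get(id_claim):
        raise PolicyError("unknown provider or missing identifier claim")
    groups = idp_claims.get("groups", [])
    for policy in POLICIES:
        rule = policy["match_rules"]
        if rule["provider"] != provider or rule["group"] not in groups:
            continue
        mapping = policy["claim_mappings"].get(sp)
        if mapping is None:  # fail closed: matched user, unmapped SP
            raise PolicyError(f"policy does not cover SP {sp!r}")
        out = {}
        for out_name, src in mapping.items():
            value = idp_claims[id_claim] if src == "@id" else idp_claims.get(src)
            if value is None:  # never emit a partial assertion
                raise PolicyError(f"required claim {src!r} missing")
            out[out_name] = value
        return out  # unmapped IdP attributes are never forwarded
    raise PolicyError("no matching policy")

if __name__ == "__main__":
    sample = {"userPrincipalName": "ana@corp.example", "groups": ["employees"],
              "role": "admin", "device_compliant": True,
              "cost_center": "CC-12", "manager": "luis@corp.example"}
    print(emit_claims("azure", sample, "vpn"))
    print(emit_claims("azure", sample, "erp"))
```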
Real scenarios where the Hub makes the difference.
Your employees are in Azure. Your contractors are in Google. The app only talks to the Hub. Federation policy routes each user to the right claims — regardless of their origin.
1 Hub · 2 IdPs · 1 SP config
Deploy Identity Hub as a service. Each client gets an isolated tenant with their own providers, SPs and policies. You manage everything from one place.
1 deployment · N tenants · infinite scale
The Hub emits the claims Cloudflare needs: role, device_compliant, department. No matter which IdP the user came from. The policy handles the translation.
Any IdP → custom claims → Cloudflare
A roadmap built on the Hub concept — identity as infrastructure.
Want to be part of this? Nexocyber Networks has 4 projects in flight.
Meet the team & investors
Join teams already using Identity Hub to tame their identity complexity.