## Atomic Insight

An Identity Provider (IdP) is a service that authenticates users and issues signed tokens (SAML assertions or OIDC JWTs) that other applications trust. Applications delegate authentication to the IdP rather than managing credentials themselves — the single sign-on (SSO) pattern. The IdP issues a signed token once; every downstream service validates the signature rather than re-authenticating the user. This makes the IdP load-bearing infrastructure: its availability directly governs access to every connected application.

Not to be confused with **Internal Developer Platform (IDP)** — a self-service infrastructure layer for developer teams. Same acronym, different domain.

## Cross-Domain Applications

**PKI**: An IdP is the runtime analog of a Certificate Authority — both are trusted third parties whose signatures unlock access; compromise of either cascades across all dependents.

**Microservices**: JWT-based IdPs enable stateless auth across service boundaries — each service validates the token independently without calling back to the IdP on every request.