...
Organization will manage all users and passwords internally and is responsible for onboarding and offboarding users.
Organization will manage security settings such as:
2-Factor or Multi-factor authentication (2FA/MFA)
Organization level audit logging
Password complexity, expiration, aging
Login restrictions (IP address, time-based, location-based)
If Organization’s user store (AD or IdP broker service) is not accessible, federated users will not be able to log in to Tidepool.
Organization domain and login patterns or metadata will be verified programmatically in Keycloak and applied based on policy
...
Microsoft ADFS and Azure ADFS running SAML or OpenID Connect
Ping Federate running SAML or OpenID Connect
Auth0 running SAML or OpenID Connect
Shibboleth
Google Workspace
More Information on Keycloak, SAML and OpenID Connect
...