-
-
Notifications
You must be signed in to change notification settings - Fork 0
Getting Started
IdPVault takes scheduled, encrypted snapshots of your identity providers (Authentik, Okta, and Auth0), detects configuration changes between snapshots, and can restore configuration (and deleted apps) back into the live tenant. Everything runs on your own infrastructure; nothing is sent to us, ever.
-
Deploy the container and open the web UI. On a fresh install the setup wizard creates your admin account, with no credentials in config files.
-
Add your first tenant: Dashboard → + Add tenant. Pick the provider first; the form adapts to what that provider needs.
-
Click Backup now to take your first snapshot, then set a schedule (cron, UTC) so backups run themselves.
| Provider | Credential | How to get it |
|---|---|---|
| Authentik | API token | Admin → Tokens & App passwords → create a token for a service account with read (and, for restore, write) permissions. |
| Okta | SSWS API token | Admin → Security → API → Tokens. Created under an admin account; inherits that account's permissions. |
| Auth0 | Client ID + Client Secret | Create a Machine-to-Machine application authorized for the Management API. IdPVault mints short-lived tokens automatically, so there are no expiring pasted tokens. |
All credentials are encrypted at rest with envelope encryption (AES-256-GCM) the moment they are saved.
The dashboard shows coverage, unbacked changes, and storage. The Events page lists every detected change. Alerts (webhook + email) tell you when something changed, failed, or was restored; see Alerts & notifications.