Applications

Descope provides applications to handle various identity federation scenarios. Understanding the different types of applications and their use cases is essential for implementing the right authentication strategy for your needs.

Federated Apps

Federated Applications in Descope enable you to establish secure Single Sign-On (SSO) connections between your applications and Descope, which acts as the Identity Provider (IdP). This allows users to authenticate once with Descope and gain access to multiple connected applications without needing to log in separately to each one.

Key characteristics

  • Single authentication point for multiple applications
  • Centralized user management
  • Seamless user experience across applications

When to use Federated Apps

Federated apps are essential when you want to:

  • Manage federated login across multiple different applications and domains
  • Provide seamless access across different applications
  • Centralize user management and access control

For example, if your organization has multiple applications (like an internal portal, customer dashboard, and admin panel), you can configure them as federated apps. Once a user logs in to any of these applications through Descope, they'll have seamless access to all other connected applications.

Inbound Apps

Inbound Apps enable your application to act as an OAuth provider, allowing third-party applications to authenticate and access your resources securely. This lets you manage user consent, permissions, and API access while maintaining control over your authentication system.

Key characteristics

  • Your application becomes the OAuth provider
  • Fine-grained control over API permissions through OAuth scopes
  • Centralized consent and permission management
  • Support for both user-based and machine-to-machine (M2M) authentication

When to use Inbound Apps

Inbound apps are essential when you want to:

  • Allow third-party applications to integrate with your platform securely
  • Provide API access to external services while maintaining control over permissions
  • Support automated workflows and AI agents that need secure access
  • Build a marketplace or platform where partners can integrate their services
  • Support M2M integrations with secure token-based authentication

Outbound Apps

Outbound Apps let you securely connect your users to third-party providers, without relying on those providers as primary authentication methods. Think of them as a token vault, or an extension of OAuth social login, where you can define default scopes, progressively request new scopes, and rely on Descope to automatically manage and refresh access tokens on your behalf.

Key characteristics

  • Connect to third-party providers for additional permissions
  • Manage OAuth tokens and refresh cycles automatically
  • Control default scopes and request additional scopes if needed
  • Works with MCP and AI-related tools for token management for external API connections

When to use Outbound Apps

Outbound apps are essential when you want to:

  • Manage permissions for AI tools with external APIs
  • Manage multiple OAuth tokens for users/tenants with the right scopes
Was this helpful?

Backend SDK

Use Descope Backend SDKs to add authentication to your app with your own developed backend APIs.

Federated Apps

Integrate and manage Federated Applications with Descope. Follow our guides to set up your applications' SSO securely and seamlessly.

On this page