Dex
Capability scores
Methodology →- Authentication
- 4.0
- SSO & Federation
- 4.5
- Authorization
- 2.5
- Lifecycle & Provisioning
- 2.0
- MFA & Passwordless
- 2.5
- Governance & Audit
- 2.5
- Developer Experience
- 4.0
- Deployment Flexibility
- 4.5
- Pricing Transparency
- 5.0
- Support & Ecosystem
- 3.5
Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.
Overview
Dex is an open-source OpenID Connect identity provider, now a CNCF project and originally from CoreOS. It acts as a federation layer, authenticating users against upstream identity sources through connectors and issuing OIDC tokens to applications.
What it is good at
Dex shines as a lightweight federation broker: connectors for LDAP, SAML, GitHub, Google, and more let it front many identity sources and present a single OIDC interface, which is why it is common in Kubernetes and internal platform authentication. It is simple, composable, and self-hostable.
Where it falls short
Dex is deliberately narrow. It is not a full IAM: no user store, admin UI, or governance, so teams needing those pair it with other tools or choose a broader platform.
Pricing
Free and open source (Apache 2.0, CNCF); self-hosted.
Best for, and who should look elsewhere
Choose Dex as an OIDC federation layer, especially for Kubernetes. Look elsewhere for a full IAM with user management (see Zitadel or Keycloak).
Bottom line
A focused, dependable OIDC federation broker, a staple of cloud-native authentication.
By SWI Community Team · Last evaluated 2026-07-03
Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to [email protected].