Open edX Platform Atlas v1.0
Learner Experiences Est. 2012

Identity & Accounts

Scaffold

Overview

Identity & Accounts covers learner registration, login, authentication (including SSO), account settings, and learner profiles. This is the gateway to the platform — every learner must create and maintain an account to access courses.

The authentication surface has seen significant evolution: from Django session-based login to OAuth2-based JWT authentication, and from Django-rendered forms to dedicated MFEs (`frontend-app-authn`, `frontend-app-account`, `frontend-app-profile`).

Current State (2026)

• Registration/Login: `frontend-app-authn` MFE handles all registration, login, and password reset flows

• Account settings: `frontend-app-account` MFE for profile, privacy, notifications, connected accounts

• Public profile: `frontend-app-profile` MFE for learner profile pages

• SSO: SAML 2.0 and OAuth2-based SSO via `auth-backends` and `edx-platform` third-party auth

• JWT: All API authentication uses JWT tokens issued by the LMS (`/oauth2/` endpoint)

• Enterprise SSO: B2B deployments often use enterprise SSO via `edx-enterprise` integration

Architecture

• Auth backend: Django + `python-social-auth` in `edx-platform` handles OAuth2 and SAML providers

• Session management: JWTs issued by LMS; stored in browser cookies; refreshed via `/login_refresh` endpoint

• User model: Custom `User` model in `edx-platform` with `UserProfile` for additional attributes

• Third-party auth: Pluggable social auth backends; supports Google, Microsoft, Apple, enterprise SAML

• Account API: REST API in `edx-platform` (`/api/user/v*`) consumed by account MFEs

History

Origin

• Year introduced: 2012 (accounts launched with original edX)

• Initial implementation: Django session-based authentication; registration via Django form at `/register`

• Context: Standard Django auth extended with custom `UserProfile`; designed for large-scale self-registration

Key Milestones

• 2012: Basic Django registration and login

• ~2015: Third-party auth (social login) added

• ~2017–2018: OAuth2/JWT migration begins

• ~2020–2021: `frontend-app-authn` MFE begins replacing Django views

• ~2022: SAML SSO improvements for enterprise

Open Questions

  • When was the transition from session-based auth to JWT-based auth? What drove it?
  • Who designed the third-party auth (social login) integration?
  • What are the most common SSO configurations in enterprise deployments?
  • How was the user model designed originally, and what limitations has it created over time?
  • When was `frontend-app-authn` MFE initiated and who led it?
  • How does registration differ between open-registration deployments and invitation-only enterprise deployments?