BillRun provides a flexible and secure authentication framework designed to integrate seamlessly with enterprise identity infrastructures while supporting standalone deployments.
Authentication in BillRun determines how users prove their identity, while authorization (roles and permissions) determines what they are allowed to do once authenticated.
BillRun supports multiple authentication models to accommodate different operational and security requirements:
Username and password managed directly by BillRun
Suitable for:
Authentication is delegated to a third-party Identity Provider (IdP)
Suitable for:
BillRun can integrate with external Identity Providers using standard authentication protocols.
OpenID Connect (OIDC)
Each protocol is implemented independently and may require different configuration fields and role-mapping strategies.
When external authentication is enabled:
Authentication in BillRun is tightly integrated with its role-based authorization system.
Authorization enforcement is handled entirely within BillRun after successful authentication.
BillRun supports multiple authentication providers simultaneously, allowing:
Each provider is uniquely identified and configured independently.
From the user’s perspective:
BillRun authentication is designed with enterprise security requirements in mind:
For deployment-specific hardening recommendations, refer to Security Best Practices.