We are using EPi_AspNetIdentityUserProvider in my application. I want to make my Epi application as IdentityServer where I can manage the users, roles, group etc. By using Admin > Create user, we can create the user and manage the user but very limited functionality. I want to integrate interface to manage all users like, updating user details, delete user, create user.
Is there any starting point where should I start. I mean how feasible it would be making the as IdentityServer and other applications in the organization can us my epi application as single-sign-in on.
What are the possible ways to achieve this in Epi, or is there any inbuild API for this.
Sure you can implement a custom OAuth server middleware. I have done that before, in order to support native apps with Bearer token authentication in a safe way. Just be adviced that it can take a lot of work and testing to get right. Especially if you want different OAuth flows, grant types and scope etc.
In terms of managing users, you only get what you have already seen in Episerver (like CMS user admin and Commerce contact manager). Other features you need to implement yourself.
What kind of applications would be using Episerver as single-sign-on?
I would not make the Episerver instance the SSO but use software that has been certified to act as identity provider.
I would look at the .Net Core IdentityServer4 (OpenSOurce and free): https://github.com/IdentityServer/IdentityServer4
Or one of the listed certified OIDC implementations: https://openid.net/developers/certified/
Or OpenAM: https://github.com/OpenIdentityPlatform/OpenAM
So I would have the Identity management (access management, etc) in separate tested application, less work and testing for your team to make sure the system is secure and up to date.