Comment by notpushkin

> I would recommend self-hosting an OIDC service for that matter.

Seconded. It is fairly easy to set up, and so much easier than the cloud IAM things.

The only catch is, make sure you have some backup access to your OIDC provider in case it goes down. E.g. don’t host it on a server with SSH only accessible through VPN that is authorised using your OIDC provider, etc.