Identity Provider

Category: Architecture Component

Cloud-based Identity Providers enable the right individuals to access the right resources at the right time, and for the right reason. They are the key to securely exposing enterprise application functions in a mix of cloud and on-premise environments.

Component Overview

Secure Web and API Access

Modern Identity Providers enable industry standard, federated security services in the Identity and Access Management (IAM) domain, making single sign-on and delegated authorization a simple task.

IAM initiatives have traditionally required multi-year implementations before delivering full organizational value. Project timelines have been extended by the complexity of the first-generation single sign-on and entitlements standards based on SAML, XACML and proprietary authentication and access tokens.

The shift of user management and application services to the cloud, together with the increased pace of technology innovation, has moved the IAM landscape towards cloud-based identity governance and access control. A new wave of IAM standards better suited to web resources and RESTful application services has emerged, including the OpenID and OAuth frameworks, which use claims to communicate information about end-users and systems.

New-generation Identity Providers include a complete set of capabilities for managing authentication, authorization and auditing for user and system-centric scenarios involving enterprise applications and cloud services:

  • Single Sign-on — enable federated authentication for web applications and cloud services.
  • Identity Federation — delegate user authentication to existing corporate directory services.
  • Multi-factor Authentication — enforce additional authentication factors as part of sign-on.
  • Account Management — manage user profile based on a common user information model.
  • Session Management — monitor and administer active logins and issued service access tokens.
  • Service Authorization — delegate API access authorization and token lifecycle management.
  • Client Self-registration — register client applications for role and scope-based API access.
  • Permission Management — configure fine-grained permissions to access online resources.
  • Security Auditing — configure logging and alerting rules for critical security events.

A simplified approach to information asset protection based on this new wave of IAM standards makes it possible to meet the cyber-security requirements introduced by the proliferation of distributed mobile technologies, heavy usage of social media, continuous harnessing of event analytics, and the increasing footprint of cloud applications. Choosing the right, contemporary Identity Provider is critical for implementing API Management for the hybrid enterprise.

Some examples of Identity Providers are: IAM platform — Red Hat SSO, CA SSO and Oracle Access Manager; IAM cloud service — Okta Identity Cloud, PingOne, CA Identity Service and Oracle Identity Cloud Service.


Success of the ongoing digital transformation in most industries is predicated on using cloud services.

Outside access by employees, partners and clients adds new layers of complexity to the already difficult task of credential management and access control.

Cloud-based IAM solutions can offer a seamless, enterprise-class security service to protect any application or information resource, whether it is on-premise or in the cloud.

Single sign-on eliminates the burden of complex password management across internal and hosted applications.

Delegated authorization allows third-parties to make resource access decisions without forcing client applications to impersonate the end-user.
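The following is an added example, not code from the original page or from any of the Identity Providers it names. It shows the claims-based model described above in working form: a hypothetical Identity Provider mints a signed token whose claims (subject, audience, scope, expiry) carry everything a resource server needs, and the resource server makes the access decision from those claims alone, without ever holding the end-user's credentials. The shared HMAC secret, issuer URL, audience names and scopes are all constructed for illustration; a real Identity Provider would normally sign with an asymmetric key and publish the public half for verification.

```python
"""Claims-based access decision at a resource server (added example).

Constructed example: a minimal HS256 JWT issuer and verifier built only on
the standard library. The signing secret and every claim value below are
made up for illustration and belong to no real deployment.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed shared secret between the hypothetical Identity Provider and
# the resource server. Not a real credential.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Reverse of _b64url: restore padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, claims: dict) -> str:
    """Identity Provider side: mint a compact JWT carrying the claims, HS256-signed."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(secret: bytes, token: str, audience: str, required_scope: str,
                 now: Optional[float] = None) -> Tuple[bool, str]:
    """Resource server side: decide access purely from the token's claims.

    Returns (allowed, reason). The client application never impersonates the
    user; the resource server trusts the Identity Provider's signature and
    enforces audience, expiry and scope itself.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    signing_input = f"{parts[0]}.{parts[1]}"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        sig = _b64url_decode(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "undecodable token"
    # Pin the algorithm: the verifier decides, never the token's own header.
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    # Audience check stops a token issued for one API being replayed at another.
    if claims.get("aud") != audience:
        return False, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    # Scope is a space-separated list of granted permissions.
    granted = set(str(claims.get("scope", "")).split())
    if required_scope not in granted:
        return False, "insufficient scope"
    return True, f"allowed for subject {claims.get('sub')}"


if __name__ == "__main__":
    issued_at = int(time.time())
    # Constructed claims for a hypothetical user and API.
    token = issue_token(SHARED_SECRET, {
        "iss": "https://idp.example", "sub": "user-42", "aud": "orders-api",
        "scope": "orders:read orders:write", "iat": issued_at, "exp": issued_at + 300,
    })
    for aud, scope in (("orders-api", "orders:read"), ("billing-api", "orders:read"),
                       ("orders-api", "orders:admin")):
        print(aud, scope, "->", verify_token(SHARED_SECRET, token, aud, scope))
```

The order of checks matters: the algorithm is pinned and the signature verified before any claim is trusted, and audience, expiry and scope are each enforced at the resource server rather than assumed from the client. Session management and token revocation, listed among the capabilities above, would sit on top of this by consulting the Identity Provider (for example via token introspection) for tokens that must be invalidated before their expiry.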