Access Manager Overview
The Web Access Manager is an integral part of the OpenIAM platform. The Access Manager provides a scalable, secure and consistent way to access applications in hybrid environments for both corporate users (employees) and consumers (external users).
The Access Manager provides organizations with the following tools to enable these objectives:
- Web SSO with support for SAML 2, OAuth 2, OIDC, and an rProxy to allow SSO to legacy applications
- Adaptive Authentication
- Multifactor Authentication (MFA)
- Social Sign-on
- Session Management
- Device registration
- Fine-grained audit logging
OpenIAM provides a number of out-of-the-box (OTB) authentication options, which include:
- Password-based authentication
- Certificate-based authentication
- MFA: SMS, e-mail, or mobile app-based OTP
Adaptive Authentication builds on these options to provide a robust framework where users can build rich authentication workflows using a browser-based drag-and-drop interface. The flows can take into account a broad range of risk factors including device, context, user choices, geolocation, profile attributes and user behavior. This allows organizations to implement a solution which offers a significantly higher level of security while providing an improved end-user experience in comparison to traditional options.
Multifactor Authentication (MFA)
While OpenIAM’s framework allows you to use third party MFA products, OpenIAM provides its own MFA solution which is pre-integrated and ready to use. The following MFA options are provided out-of-the-box:
- SMS-based OTP
- E-mail-based OTP
- Mobile app (iOS or Android) OTP plus push notification support
The Access Manager allows social sign-on from social identity providers such as Google, Facebook and LinkedIn. Social registration significantly reduces the registration effort by allowing select attributes to be dynamically transferred from the social provider.
OpenIAM provides a flexible RBAC-based authorization model to enforce security in your applications. The RBAC model, which supports inheritance as well as direct entitlements, provides end-customers with the flexibility needed to implement real-world requirements. The authorization service can be used in conjunction with OAuth2 and the Access Gateway to enforce the authorization rules.
The Access Gateway is a native plugin for Apache and Nginx web servers which provides the following functionality:
- SSO to legacy applications
- Session management
- Protection of APIs and application URLs by enforcing authentication and authorization rules
Device registration provides a framework through which users can register and manage their devices. These devices and their attributes can be used as part of the adaptive authentication functionality to further enhance security.
Single Sign-on and Federation
OpenIAM supports SAML 2, OpenID Connect (OIDC) and OAuth2 to enable SSO to a large number of applications. OpenIAM can act as both an Identity Provider (IdP) and a Service Provider (SP).
OpenIAM provides an extensive REST and SOAP API which can be used to add identity to your applications and improve their security. The API can also be used to customize the behavior of core OpenIAM features.