WSO2 Identity Server

As the industry’s first enterprise identity bus (EIB), WSO2 Identity Server is the central backbone that connects and manages multiple identities across applications, APIs, the cloud, mobile, and Internet of Things devices, regardless of the standards on which they are based. The multi-tenant WSO2 Identity Server can be deployed directly on servers or in the cloud, and has the ability to propagate identities across geographical and enterprise borders in a connected business environment.

With an abundance of connectors and authenticators (freely available at our Connector Store), WSO2 Identity Server supports popular standardized services exposed via external identity providers that provision users in their systems.


System and User Identity Management

  • API to integrate identity management to any application
  • Multi-factor authentication
  • Single Sign-On (SSO) via OpenID, SAML2 and OpenID Connect
  • SSO bridging between on-premise systems and cloud apps
  • Credential mapping across different protocols
  • Auditing via XDAS
  • Delegation via OAuth 1.0a, OAuth 2.0, and WS-Trust
  • Federation via OpenID, SAML2, OpenID Connect and Passive STS
  • Integration with Microsoft SharePoint with Passive STS support
  • Implement REST security with OAuth 2.0/OpenID Connect and XACML
  • Implement REST security with OpenID Connect
  • Out-of-the-box integration with Google Apps and Salesforce
  • Customizable login pages for OpenID, OAuth, OpenID Connect, SAML2, and Passive STS

User and Groups Provisioning

  • Support for SCIM 1.1 standard
  • OAuth 2.0 authentication for SCIM
  • Automatic provisioning of users to Salesforce/Google Apps or via SPML/SCIM
  • Just-in-time provisioning can be used to create identities "on the fly"

User and Groups Management

  • Web-based application for users to manage profiles, passwords, and service providers
  • Flexible support for user stores, either built-in LDAP (powered by ApacheDS) or external LDAP, Microsoft Active Directory, or any JDBC database
  • Flexible profile management for users supporting multiple profiles per user
  • Multiple user store support
  • Per tenant user stores
  • Ability to link multiple user profiles belonging to a single user
  • Account locking on failed user attempts
  • Password policies
  • Account recovery with email and secret questions
  • FIDO 2-factor authentication

Entitlements Management

  • Role-based access control (RBAC)
  • Attribute- or claim-based access control via XACML, WS-Trust, OpenID, and claim management
  • Fine-grained policy-based access control via XACML
  • Advanced entitlement auditing and management
  • Entitlement management for any REST or SOAP calls

XACML 2.0/3.0 Support

  • User-friendly interface for policy editing
  • Multiple Policy Information Point (PIP) support
  • TryIt tool for exploring policy impact
  • Policy distribution to various Policy Decision Points (PDPs)
  • Policy decision and attribute caching
  • High-performance network protocol (over Apache Thrift) for PEP/PDP interaction
  • Notifications of policy updates
  • Policy Administration Point (PAP) to manage multiple Policy Decision Points (PDP)
  • Customizable policy administration UI

Connectors to Extend the Identity Ecosystem

  • Support for popular outbound provisioning connectors such as Google, Salesforce and Inwebo
  • Support for popular outbound authenticators such as Microsoft Office365, Twitter, MePIN, TOTP, Tiqr, Clef and many more
  • Ability to consume identities and attributes from third party IDPs by translating from non-standard dialects to standard dialects via claim mappings
  • Ability to connect to any legacy system using non-standard custom connectors
  • Easy access to a wide range of self-contained connectors via WSO2 Connector Store

Lightweight, Developer Friendly and Easy to Deploy

  • Complete SOAP API for integrating/embedding into any application or system
  • Pluggable workflows for privileged operations
  • Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more
  • Clustering for highly available deployment
  • Choice of deployment to on-premise servers, private cloud, or managed cloud, without configuration changes
  • Integrated with WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication

Manage and Monitor

  • Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO
  • Built-in collection and monitoring of standard access and performance statistics
  • JMX MBeans for key metrics monitoring and management
  • Integrates with WSO2 Data Analytics Server for operational audit and KPI monitoring and management
  • Flexible logging support with integration to enterprise logging systems
  • Centralized configuration management across different deployment environments with life cycles and versioning with integration to WSO2 Governance Registry
