WSO2 Identity Server


As application, service, and API adoption grows in an enterprise, managing identities (i.e. employees, vendors, partners, and customers) across internal, shared, and SaaS services becomes a significant challenge. WSO2 Identity Server provides sophisticated security and identity management of enterprise web applications, services, and APIs.

WSO2 Identity Server enables enterprise architects and developers to improve customer experience by reducing identity provisioning time, guaranteeing secure online interactions, and delivering a reduced single sign-on environment. WSO2 Identity Server decreases the administration burden of identity management and entitlement management by including a role-based access control (RBAC) convention, fine-grained policy-based access control, and SSO bridging.


Case Study

ELM Manages Identities of 4 Million Government Program Users with WSO2 Identity Server

Analyst Reports

Gartner Compares Vendors of Comprehensive Application Infrastructure Suites

White Papers

The Revolution in Military Affairs 2.0: Information Dominance and the Democratization of Information Technology





  • System & User Identity Management

    • Implement flexible user store via built-in LDAP (powered by ApacheDS), external LDAP, Microsoft Active Directory, Apache Cassandra or any JDBC database
    • API for integrating identity management into any application
    • Multifactor authentication via XMPP for OpenID
    • Single Sign-On (SSO) via OpenID, SAML2 and Kerberos KDC
    • SSO bridging between on-premise systems and cloud apps
    • Credential mapping across different protocols
    • Provisioning via SCIM instead of legacy SPML
    • Auditing via XDAS
    • Delegation via OAuth 1.0a, OAuth 2.0 and WS-Trust
    • Federation via OpenID, SAML2 and WS-Trust STS
    • Integration with Microsoft SharePoint with Passive STS support
    • Implement REST security with OAuth 2.0 and XACML
    • Flexible profile management for users supporting multiple profiles per user
    • XKMS for key storage and distribution
    • Implement REST security with OpenID Connect
    • OAuth 2.0 authentication for SCIM
    • Multiple user store support
    • Per tenant user stores
    • Trusted SAML2 Identity Providers per tenant
    • Out-of-the-box integration with Google Apps and Salesforce
    • Customizable login pages for OpenID, OAuth, OpenID Connect, SAML2 and Passive STS
    • Account locking on failed user attempts
    • Password validation/expiration policies
    • Account recovery with email and secret questions
  • Entitlement Management

    • Role-based access control (RBAC)
    • Attribute- or claim-based access control via XACML, WS-Trust, OpenID and claim management
    • Fine-grained policy-based access control via XACML
    • Advanced entitlement auditing and management
    • Entitlement management for any REST or SOAP calls
  • XACML 2.0/3.0 Support

    • Friendly user interface for policy editing
    • Multiple Policy Information Point (PIP) support
    • TryIt tool for exploring policy impact
    • Policy distribution to various Policy Decision Points (PDPs)
    • Policy decision and attribute caching
    • High performance network protocol (over Thrift) for PEP/PDP interaction
    • Notifications for policy updates
    • Policy Administration Point (PAP) to manage multiple Policy Decision Points (PDP)
    • Customizable policy administration UI
  • Lightweight, Developer Friendly & Easy to Deploy

    • Complete SOAP API for integrating/embedding into any application or system
    • Pluggable workflows for privileged operations
    • Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points and more
    • Clustering for high-availability deployment
    • Choice of deployment to on-premise servers, private cloud or public cloud (WSO2 StratosLive Identity-as-a-Service) without configuration changes
    • Integrated with WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication
  • Manage & Monitor

    • Comprehensive management & monitoring Web console with enterprise-level security and SAML2 SSO
    • Built-in collection and monitoring of standard access and performance statistics
    • JMX MBeans for key metrics monitoring and management
    • Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management
    • Flexible logging support with integration to enterprise logging systems
    • Centralized configuration management across different deployment environments, with lifecycles and versioning, through integration with WSO2 Governance Registry


  • API - Application Programming Interface
  • JDBC - Java Database Connectivity
  • LDAP - Lightweight Directory Access Protocol
  • REST - Representational state transfer
  • SCIM - System for Cross-domain Identity Management
  • SOAP - Simple Object Access Protocol
  • SPML - Service Provisioning Markup Language
  • SSO - Single sign-on
  • STS - Security Token Service
  • XACML - eXtensible Access Control Markup Language
  • XDAS - Distributed Audit Service
  • XKMS - XML Key Management Service
  • XMPP - Extensible Messaging and Presence Protocol