New WSO2 Identity Server Release Provides a Hassle-Free Configuration Model and RESTful APIs for Self-Service IAM

The leader in open source IAM, WSO2 Identity Server adds RESTful APIs, new adaptive authentication options, cross-protocol single logout, multi-domain federation support for Microsoft Azure AD and Office 365, and built-in support for managing active user sessions

Mountain View, CA - October 15, 2019 - Digitally driven businesses face unprecedented complexity in protecting not only their own data and privacy but that of globally distributed customers, partners and employees using a variety of personal computing and mobile devices. WSO2 offers several new capabilities to help enterprises address these demands with the latest release of WSO2 Identity Server for identity and access management (IAM). Using WSO2 Identity Server, IT organizations now have an open source, API-driven, developer friendly solution for modernizing application security and delivering an enhanced user experience that encourages adoption.

New and enhanced features in WSO2 Identity Server include:

  • RESTful APIs to enable customer self-service
  • Multi-domain federation support for Microsoft Azure Active Directory (AD) and Microsoft Office 365
  • Single logout (SLO) across multiple applications that use heterogeneous single sign-on (SSO) protocols
  • Built-in support for managing active user sessions
  • Enhanced support for adaptive authentication via reusable script libraries
  • A hassle-free configuration model that saves developers time and minimizes user errors

“As enterprises conduct more of their business online, developers need to implement IAM solutions that ensure both secure, easy access for users and simplified management for administrators - often across multiple systems and cloud domains,” said WSO2 Vice President - Security Architecture Prabath Siriwardena. “We are extending our commitment to empowering these developers with the newest version of our open source WSO2 Identity Server.”

Facilitating IAM Management and Ease of Use

WSO2 Identity Server is a uniquely extensible, API-driven, cloud-native IAM product designed for developers that build customer IAM (CIAM) solutions. The product incorporates the functionality to federate, authenticate and manage identities; bridge across heterogeneous identity protocols; and secure access to web and mobile applications along with API-based endpoints. Unlike “open core” products, WSO2 Identity Server includes the core and all extensions and connectors under the commercial-friendly, open source Apache 2.0 license to enable faster innovation and customization.

Already, businesses and government organizations are using WSO2 Identity Server to manage up to millions of user identities. The latest release, available today, adds several new features that further empower developers to build CIAM implementations that are easier to manage and use.

RESTful APIs for customer self-service make it easier for developers to integrate self-service functions with third-party applications. The ability to view authorized OAuth applications and revoke the consent given to them as needed, manage associated accounts, register devices that use FIDO for authentication, view and revoke login sessions, and manage pending approvals are now exposed through the new RESTful APIs.

Multi-domain federation support for Microsoft Azure AD and Office 365 includes the ability to federate users from multiple Microsoft Azure AD and Microsoft Office 365 domains into a single WSO2 Identity Server tenant instance, simplifying deployment and management.

Cross-protocol single logout complements the existing SSO capabilities of WSO2 Identity Server. Now developers can create a seamless experience for end users when they sign-on or logout—even with applications that communicate via heterogenous SSO protocols, such as OpenID Connect (OIDC) and the Security Assertion Markup Language (SAML).

Built-in support for managing active user sessions is now available via an API. This helps users protect their own sessions by enabling them to retrieve and delete all active sessions, as well as selectively kill any suspected sessions. Administrators also can view and terminate the sessions of any given end user.

Enhanced support for adaptive authentication is provided through the ability to create reusable script libraries. Now developers can import the authentication flows that they have written in JavaScript into a function library, so they can be reused in authentication scripts.

The hassle-free configuration model saves developers time, minimizes user errors, and improves compatibility with various configuration automation tools and cloud-native environments. Because the object model is decoupled from the file format, WSO2 Identity Server can support a range of configuration file formats provided by Tom’s Own Minimal Language (TOML) and YAML Ain’t Markup Language (YAML), among others.

Availability and Support

WSO2 Identity Server 5.9 is available today. As a fully open source solution released under the Apache License 2.0, it does not carry any licensing fees. WSO2 Identity Server is backed by WSO2 Subscription, which features access to WSO2 Update for continuous delivery of bug fixes, security updates, and performance enhancements, along with WSO2 Support for 24x7 support. Unified pricing means customers can simply buy a WSO2 Subscription and choose the hosting model - cloud, on-premises or hybrid - based on their preferences. Information on WSO2 Subscription and other service and support offerings can be found at

About WSO2

WSO2 is the world’s #1 open source integration vendor, helping digital-driven organizations become integration agile. Customers choose us for our broad integrated platform, our approach to open source, and our agile transformation methodology. The company’s hybrid platform for developing, reusing, running and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud. Today, hundreds of leading brands and thousands of global projects execute 6 trillion transactions annually using WSO2 integration technologies. Visit to learn more.

Trademarks and registered trademarks are the properties of their respective owners.