20 May, 2022 | 3 min read

WSO2 Identity Server and its Key Features

  • Nuwanga Herath (Intern)
  • Job Title - WSO2


Introduction to WSO2

WSO2 is a leading provider of open source middleware technology. They offer an enterprise platform for integrating application programming interfaces (APIs), applications, and web services locally and across the internet. WSO2 comprises a range of products for varying business needs. Here are their three main products:

    1. API Manager
    2. Enterprise Integrator
    3. Identity Server

This article will give you a clear overview of the WSO2 Identity Server and its key features.

WSO2 Identity Server

WSO2 Identity Server is an open source, API-driven identity and access management (IAM) product designed to help you build effective customer identity and access management (CIAM) solutions. It is based on open standards such as SAML, OAuth, and OIDC. It supports complex IAM requirements given its high extensibility. WSO2 Identity Server provides many features to optimize the identity management, security, and privacy of an online business. Now that we know what WSO2 Identity Server is, let’s go through some of its key features.

User Account Management

WSO2 Identity Server provides a centralized user management system that securely and efficiently manages user identities, and defines and manages access rights. WSO2 Identity Server uses Role-Based Access Control (RBAC) to manage permissions and access rights of users based on their roles. It reduces administrative costs and makes it easy to comply with privacy regulations. WSO2 Identity Server can use secondary user stores in addition to the primary user store. Its features include user registration by an admin, self-registration, password reset and recovery, password policy definition, account recovery, account locking, account suspension, and account disabling.

Single Sign-On (SSO)

Single sign-on (SSO) permits users to use the same set of user credentials across multiple applications. WSO2 Identity Server works as a centralized user management server to provide authentication and user management to several applications. Users can access any number of applications through the WSO2 Identity Server using the same set of credentials that are stored in the WSO2 Identity Server. With SSO, users do not need to remember multiple usernames and passwords for different applications, which improves their experience. Because authentication is managed centrally, with credentials held in the WSO2 Identity Server rather than in each application, the system is resistant to a data breach.

Adaptive and Strong Multi-Factor Authentication (MFA)

WSO2 Identity Server uses multiple authentication factors to provide strong authentication. These factors can be categorized as knowledge, possession, and inherence. MFA prevents security vulnerabilities that arise due to password-based authentication. Adaptive authentication means that authentication factors are decided based on the user's level of risk and the nature of the activity. With adaptive authentication, authentication factors differ based on the access device, making it easy for users to use the applications. WSO2 Identity Server uses adaptive authentication for efficient and convenient use of MFA.
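The adaptive decision described above can be sketched as a small policy function. This is an added example, not WSO2 Identity Server code or its scripting API: the function names, risk thresholds, activity names and sample requests are all assumptions constructed for illustration.

```javascript
// Added illustration: adaptive MFA policy. All names, thresholds and sample
// requests are assumptions constructed for this example, not WSO2 APIs.

// The three factor categories named in the article.
const FACTOR = Object.freeze({
  KNOWLEDGE: 'knowledge',   // e.g. password
  POSSESSION: 'possession', // e.g. one-time code on a registered phone
  INHERENCE: 'inherence',   // e.g. fingerprint
});

// Hypothetical activities that always warrant a second factor.
const SENSITIVE_ACTIVITIES = new Set(['change_password', 'approve_payment']);

// Map a missing or malformed risk score to the highest risk (fail closed).
function normalizeRisk(score) {
  return Number.isFinite(score) && score >= 0 && score <= 1 ? score : 1;
}

// Decide which factors a login must present, from the three inputs the
// article lists: risk level, nature of the activity, and access device.
function requiredFactors(request) {
  const risk = normalizeRisk(request.riskScore);
  const knownDevice = request.deviceTrusted === true; // undefined => untrusted
  const sensitive = SENSITIVE_ACTIVITIES.has(request.activity);

  const factors = [FACTOR.KNOWLEDGE];
  if (!knownDevice || sensitive || risk >= 0.3) factors.push(FACTOR.POSSESSION);
  if (risk >= 0.7 || (sensitive && !knownDevice)) factors.push(FACTOR.INHERENCE);
  return factors;
}

// A login succeeds only if every required factor was actually verified.
function isAuthenticated(request, verifiedFactors) {
  const verified = new Set(verifiedFactors);
  return requiredFactors(request).every((f) => verified.has(f));
}

// Constructed sample requests.
const samples = [
  { name: 'low risk, trusted laptop', riskScore: 0.1, deviceTrusted: true, activity: 'view_profile' },
  { name: 'new device', riskScore: 0.1, deviceTrusted: false, activity: 'view_profile' },
  { name: 'payment from new device', riskScore: 0.2, deviceTrusted: false, activity: 'approve_payment' },
  { name: 'risk engine returned no score', deviceTrusted: true, activity: 'view_profile' },
];
for (const s of samples) console.log(s.name, '->', requiredFactors(s).join(' + '));
```

A trusted device at low risk is asked only for the knowledge factor, while a missing risk score is treated as maximum risk, so a failure in the risk source demands more factors instead of fewer.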

Identity Federation

Identity federation is the process of connecting a person’s digital identity and attributes that are stored across multiple distinct trust domains. WSO2 Identity Server provides authentication across multiple external identity providers such as Google and Facebook. Rather than creating new accounts, it allows users to access the application using the login credentials they already have with other identity providers. It is a more convenient way for users to access and use applications than having to create user accounts for every application they use.

Identity Provisioning

Identity provisioning is the process of creating and maintaining digital identities in a system and assigning appropriate privileges to them. With identity provisioning, you can save time and money, improve security, and enable seamless integration. WSO2 Identity Server follows the user provisioning standard called SCIM (System for Cross-Domain Identity Management) and uses three main user provisioning methods: Inbound Provisioning, Outbound Provisioning, and JIT (Just In Time) Provisioning.

User Provisioning in the Identity Lifecycle

This article discusses some of the key features of the WSO2 Identity Server so that you have a clear overview of its functionalities and potential to provide strong Identity and Access Management. You can download the WSO2-IS Product for free. Complete the Udemy Course, Introduction to WSO2 identity server, to get a deeper understanding of WSO2 Identity Server. 
