2017/08/14

What is WSO2 Identity Server?

  • Ishara Karunarathna
  • Associate Technical Lead - WSO2

WSO2 Identity Server can be used to simplify identity and access management (IAM) related activities in the enterprise. The product is based on open standards and open source principles. WSO2 Identity Server comes with seamless, easy to use integration capabilities that help connect applications, user stores, directories and identity management systems.

WSO2 Identity Server allows enterprises to achieve single sign-on/sign-out (SSO), identity federation, strong authentication, identity administration, account management, identity provisioning, fine-grained access control, API security, monitoring, reporting, and auditing. It also provides a wide array of ready-to-use connectors that can be used to connect with cloud and other third party systems to build tailor-made systems that meet your business needs.

WSO2 Identity Server enables connecting and re-using both new and existing IT assets in a secured manner. You can connect JDBC, LDAP or Active Directory user stores and enforce role-based or attribute-based access control with XACML. Ensure the security of the APIs being exposed using OAuth2 and associated grant types. Multi-option and multi-factor authentication can be used to define how users should be authenticated to service providers. Inbound, outbound and just-in-time (JIT) user provisioning support by WSO2 Identity Server can be used to help organizations quickly, cheaply, reliably and securely manage information about users on multiple systems and applications. Identity provisioning features can be used to propagate user identities across different software as a service (SaaS) providers and come with System for Cross-domain Identity Management (SCIM) and Service Provisioning Markup Language (SPML) support. Identity federation enables users to bring their preferred identities to the system and allows authentication across different enterprises in different trust domains based on a trust factor. Once a user logs into one of the applications, SSO provides a seamless authentication experience when they navigate through other applications.

WSO2 Identity Server can be deployed anywhere: on-premise, on any cloud infrastructure, on private clouds and even using container systems. WSO2 Identity Server is also available on the public cloud as a service, WSO2 Identity Cloud. All these deployment options come with the same seamless developer and IT personnel experience.

Monitoring and analytics capabilities are built into WSO2 Identity Server to cater to both real-time and batch analytics.

Comprehensive documentation, tutorials, open and free to use training material with lab kits and certification programs are all available to ensure credible, successful delivery of solution development on top of WSO2 Identity Server.

Key characteristics of WSO2 Identity Server

WSO2 Identity Server is one of the easiest tools that you can use to manage identities and solve identity-related problems. It facilitates the centralized management, administration, monitoring and detection of identity-related activities. In the connected world of enterprise applications, where applications need to be built quickly while ensuring the security of both the data and the systems associated with them, it is critical that you have an easy-to-use toolset to establish and maintain proper identity and access management policies and procedures.

While you cater for rapid provisioning and ease of use, you cannot compromise the level of security. One of the key challenges in identity and access management is the silos of applications that use heterogeneous access mechanisms and different identity stores. This makes it difficult to enforce enterprise-wide security policies. It also makes it difficult for users to remember and manage multiple identities, and it becomes an uphill battle for IT admins to manage access controls along with the dynamics of people movement and role changes.

WSO2 Identity Server can be used as the enterprise-wide identity bus, where you unify identity and access management and make it easier for both employees and IT admins to adhere to the processes and policies in place.

WSO2 Identity Server capabilities

Powerful capabilities of WSO2 Identity Server

  • Single Sign-On
    • Security Assertion Markup Language 2 (SAML2) and OpenID Connect support
    • Single logout
    • SSO between on-premise applications and cloud applications
    • Simple service provider and identity provider ecosystem management
  • Identity Federation
    • Federated SSO with external identity providers
    • Support for Facebook, Google, Microsoft Windows Live and more
    • User claims and roles transformation
  • Strong Authentication
    • Multi-option and multi-factor authentication support
    • Kerberos and X.509 support
    • 2-factor authentication including FIDO, SMS/Email OTP, MePin and more
  • Identity Governance and Administration
    • User and group management
    • User self service features (account recovery, self registration, account locking, etc.)
    • Provisioning based on standards such as SCIM and SPML
    • On the fly and rule-based provisioning
    • Template-driven, approval-based workflows for user and role management
    • HTML and multi-language email template support
  • Entitlement and Access Control
    • Fine-grained authorization with eXtensible Access Control Markup Language (XACML) policies
    • API security with delegated access control using OAuth2 and support for SAML2 bearer, JSON Web Token (JWT) assertion and Integrated Windows Authentication with NT LAN Manager (NTLM-IWA) grant types

What should you consider when selecting an IAM solution?

Selecting an identity and access management solution in today's connected digital world requires you to consider both technical and business needs. IAM solutions address the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments. They also need to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise and needs to be business-aligned, taking into account an enhanced user experience that eliminates the hassle of security policies and procedures while ensuring the highest possible level of security. It also needs to increase efficiency and productivity while reducing costs. The following are the key considerations that you need to take into account when selecting an IAM solution:

  • Making login to disparate systems hassle free
  • Adding and extending your user base with ease for both internal employees and external users/customers/suppliers
  • Self service capabilities
  • Open standards support
  • Compliance with various industry security regulations
  • Integration with heterogeneous technology stacks
  • Ease of integration of new applications being developed into the security ecosystem
  • Cloud vs on-premise deployments and their interconnectivity needs
  • Deployment options and vendor lock-in implications
  • Monitoring (usage and breaches), auditing and alerting
  • Ensuring data security with early detection and prevention of security breaches
  • Ensuring that your solution is future proof where you can incorporate latest algorithms and security protocols with ease as and when they emerge

Why WSO2 Identity Server?

WSO2 Identity Server is designed from the ground up to be easy to use, standards based, extensible, secure and highly scalable. It has evolved over the years to meet the demands of cloud and container trends.

WSO2 Identity Server comes packaged with comprehensive APIs as well as deployment and debugging tools to help with the rapid development and deployment of enterprise applications with the right level of security and access controls. It is also equipped with powerful monitoring and analytics tools to keep track of the enterprise IAM system's health when the system is deployed in production. The analytics system is capable of generating and analyzing statistics on login attempts made via WSO2 Identity Server. In addition, the analytics system is also capable of generating and analyzing information relating to specific sessions that have taken place via WSO2 Identity Server.

Benefits of WSO2 Identity Server

  • Scalable design suited for enterprise wide deployment
  • Simple configuration driven design to help connect all identity related components
  • Enables a loosely coupled solution for IAM with easy to use extension points to connect third party systems related to IAM concerns
  • Provides a secure and reliable enterprise IAM solution with proactive patching and regular security updates

WSO2 Identity Server is an open source solution that safeguards you from vendor lock-in. It is superior in terms of feature compatibility compared to any commercial IAM solution available in the market. This is because of the rigorous innovation and maintenance cycles used to enhance the IAM implementation and the production hardening, both in terms of performance and feature completeness, enabled via numerous deployments across various industries. The product is developed in the open rather than privately with the source code thrown over the wall after development, and you can test and report any security-related concerns whenever you wish.

WSO2 advantages over competitors

  • 100% open source (both the source code and the binaries are released under the most business friendly Apache 2.0 open source license).
  • Ability to easily integrate with any cloud-based or on-premise identity management framework or user store. Well defined and well documented APIs and numerous ready-made connectors are available in the WSO2 Connector Store to get this done quickly.
  • Numerous workflow templates, policy templates, samples and reference architectures available to help cut down redundant efforts and enable faster IAM solution implementations.
  • Support for heterogeneous identity federation protocols (based on open standards) and token transformation and mediation between them.
  • Freedom for architects and developers to pick and choose federation mechanisms, authentication protocols and standard formats and token formats to match their needs.
  • Ability to automate management operations with built-in REST and SOAP APIs.
  • Ease of deployment, user-friendly management operations and low maintenance cost.
  • Component oriented architecture and cloud and container support enables you to deploy IAM capabilities using a topology of your choice based on your needs in a secure, scalable and adaptive manner.
  • The readymade scripts and tools help with rapid deployments, ensuring the ability to go to market quickly with your solution.
  • Continuous innovation that helps build future proof identity and access solutions.
  • Rigorous and frequent product update cycles and state-of-the-art tooling support for managing IAM deployments with DevOps best practices.
  • Comprehensive security scanning and penetration testing practices to ensure the highest degree of quality and security of the IAM product suite.
  • Proactive testing and tuning of performance and innovation around performance enhancements.
A GUIDE TO WSO2 IDENTITY SERVER

About Author

  • Ishara Karunarathna
  • Associate Technical Lead
  • WSO2