We Humans Need Safety and Security Done Easily; WSO2 IAM at Your Service!

Ayesha Dissanayaka
Mar 20, 2019

It doesn’t have to be like this.

We need to authenticate, but I shouldn't always have to type my password.

Applications are everywhere: HR apps, payroll apps, entertainment apps, SaaS apps and what not. When you are a digital service provider, it is mandatory that these apps are protected by some form of identity, mostly by user credentials. But how many applications do you have in your organization, and how many times are you going to ask for my password? No, I don't like to repeat my username and password every time I log into an application in your system.

Single Sign-On (SSO) is the well-known magic where you ask for the user's credentials once and WSO2 Identity Server takes care of signing the user in to the other applications seamlessly. Logout works the same way: the user logs out from one application and WSO2 Identity Server takes care of logging the user out of the other applications in the same browser session.

Read more about enabling SSO with WSO2 Identity Server here: https://docs.wso2.com/display/IS570/Single+Sign-On

I have a Google account that I've put all my faith in. Why can't I use it to log in to your applications?

Social identities are huge in number and common among everyone, and we have taken extra measures to keep these accounts out of intruders' hands. Enabling login to your applications using these identities will increase the usage of your services/applications proportionally.

Simply federate authentication requests to a secondary identity provider, be it a social identity provider like Google, Facebook or Twitter, or an enterprise identity provider such as ADFS or your own. WSO2 Identity Server can federate authentication requests using standard protocols (SAML, OIDC, etc.), has inbuilt federation support for multiple SaaS IAM vendors, and allows you to plug in a custom connector to do so.

Read more about Identity Federation with WSO2 IS here: https://docs.wso2.com/display/IS570/Identity+Federation

Is a password enough? I don't feel safe enough!

What if someone stole or guessed my password? Does your system take additional steps to validate my identity? Well, if you use WSO2 Identity Server to provide authentication to your apps, you are in good hands. In a few minutes you can add further steps to the authentication flow, such as a One-Time Password (OTP) over SMS or email, TOTP with Google Authenticator, FIDO, biometric authentication with MePin, and many more validation factors. When you enable Multi-factor Authentication (MFA) for your applications, users know that there are additional security measures protecting the system even if the password is compromised.

Read more about MFA with WSO2 Identity Server here: https://docs.wso2.com/display/IS570/Multi-factor+Authentication+for+WSO2+IS

But please don’t flood me with SMS

MFA is handy, yet it can be annoying when it always asks me to enter the validation code sent to my mobile or to plug in my U2F device. If the system can decide when to ask for an additional authentication step depending on the criticality, that is the smarter way to go. With WSO2 Identity Server, you can make the system decide when to ask for additional validation steps based on the risk. For example, when I log in using my laptop from my office network, just asking for my credentials is satisfactory. But what if the system gets an authentication request with my credentials from an Eskimo network in Antarctica? That is certainly fishy, and a good time to ask for the 6-digit code in the Google Authenticator app on my phone. Adaptive Authentication is the newest security guy at the gates, with the brains to step up or step down the security scan.

Read more about Adaptive Authentication with WSO2 Identity Server here: https://docs.wso2.com/display/IS570/Adaptive+Authentication
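
The office-network example above, written as an adaptive authentication script. This is an added example, not code from the original post or from WSO2; the CIDR ranges are constructed, the helper functions are hypothetical, and step 2 is assumed to be configured as TOTP in the service provider's authentication steps.

```javascript
// Constructed sample: CIDR ranges treated as the office network (assumption).
var OFFICE_NETWORKS = ['10.0.0.0/8', '192.168.1.0/24'];

// Hypothetical helper: dotted IPv4 -> unsigned 32-bit number, or null if malformed.
function ipv4ToInt(ip) {
    var parts = String(ip).split('.');
    if (parts.length !== 4) { return null; }
    var n = 0;
    for (var i = 0; i < 4; i++) {
        if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) { return null; }
        n = n * 256 + Number(parts[i]);
    }
    return n;
}

// Hypothetical helper: true when ip falls inside cidr ("a.b.c.d/len").
function isInCidr(ip, cidr) {
    var pieces = cidr.split('/');
    var addr = ipv4ToInt(ip);
    var base = ipv4ToInt(pieces[0]);
    var len = Number(pieces[1]);
    if (addr === null || base === null || !(len >= 0 && len <= 32)) { return false; }
    var size = Math.pow(2, 32 - len);   // number of addresses in the block
    return Math.floor(addr / size) === Math.floor(base / size);
}

// Step up unless the address is provably inside a trusted range. This fails
// closed: missing, IPv6 or malformed addresses also get the second factor.
function needsSecondFactor(ip) {
    for (var i = 0; i < OFFICE_NETWORKS.length; i++) {
        if (isInCidr(ip, OFFICE_NETWORKS[i])) { return false; }
    }
    return true;
}

// Entry point called for each login; executeStep is supplied by the
// Identity Server's script engine.
var onLoginRequest = function (context) {
    executeStep(1, {                    // step 1: username and password
        onSuccess: function (context) {
            if (needsSecondFactor(context.request.ip)) {
                executeStep(2);         // step 2: assumed to be TOTP
            }
        }
    });
};
```

`context.request.ip` is the address the server sees, so behind a load balancer or reverse proxy this check is only as trustworthy as the forwarded-address configuration in front of it.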

The list goes on, of what we need and what you can provide with WSO2 Identity Server in the IAM domain to make sure systems are secure, resources are safe, and stakeholders are assured of both. Most importantly, there are no complex quests to fulfil in order to enter through the system's gates, yet no one unworthy can enter. Read more about WSO2 Identity Server's capabilities and usage here: https://wso2.com/identity-and-access-management/
