Many businesses that rely on traditional identity and access management (IAM) now demand collaboration between heterogeneous identity systems. Customer IAM makes it mandatory for identity-related data to be readily available and facilitate a seamless experience across multiple applications. If such data is unavailable, businesses could easily lose their valuable customers to the competition.
The recipe behind a successful ecosystem that fulfills the demands of modern consumers and enterprises involves the use of identity APIs based on recognized standards.
This deck will take you through:
- Identity APIs and their importance
- How they support digital transformation/CIAM initiatives
- WSO2 Identity Server as an Identity API platform
Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/09/identity-apis-and-the-road-to-digital-transformation/
7. Challenges with Siloed IAM - Centralized but Proprietary
● Identity mismanagement between silos
● SSO between silos is hard
● Integration between organizations or departments is difficult or impossible
12. Authorization APIs
● APIs that control user or administrator permissions/access rights to resources.
● OAuth 2.0
○ Authorization Code Grant
○ SAML Bearer Grant
○ JWT Grant
○ Client Credentials Grant
14. New Drift → Customer is King
● CIAM
● Industries become customer-centric
● Seamless integration between devices (omni-channel)
● Privacy concerns (GDPR & PSD2)
● Party to Party delegation
15. CIAM at a Glance
[Diagram labels: Customer, Self Care Portal, Identity Provider, Retail Application, Cloud, CRM, XYZ Corp; protocols shown: OIDC (OpenID Connect), SCIM, XACML]
16. Evolution of IAM by KuppingerCole
Source https://www.kuppingercole.com/report/lc79012
18. Modern API categories
● 01 Identity & User Management APIs
● 02 Authentication APIs
● 03 Authorization APIs
● 04 Audit & Compliance APIs
● 05 Workflow & Orchestration APIs
● 06 API security
● 07 DevOps APIs
● 08 API Developer Support
19. Identity & User Management APIs
[Diagram labels: Self Care Portal; Identity Providers for AA Org, BB Org and CC Org; SCIM connections marked Inbound and Outbound]
20. Authz Code Grant Flow
[Diagram: steps 1-8 between the Resource Owner, the Application (OAuth Client), the OAuth Authorization Server and the OAuth Resource Server. Labels: Authenticate + Consent, Authz Code, 302, Access Token Rq, Access Token, Resource Request, Introspect]
Prerequisite: Client application registered with the Authz Server manually or via Dynamic Client Registration
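The authorization code grant from slide 20, sketched as an in-memory Python simulation with no network. This is an added example, not part of the original deck and not WSO2 Identity Server code; the class, client ID, secret, redirect URI and user name are constructed for illustration.

```python
import secrets, time

class AuthzServer:
    """Toy in-memory authorization server (hypothetical, not a product API)."""
    def __init__(self):
        self.clients, self.codes, self.tokens = {}, {}, {}

    def register(self, client_id, secret, redirect_uri):    # prerequisite step
        self.clients[client_id] = (secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, state, user, consent):
        # Exact redirect_uri match keeps codes from going to another site.
        if self.clients.get(client_id, (None, None))[1] != redirect_uri:
            raise PermissionError("unregistered client or redirect_uri")
        if not consent:
            raise PermissionError("resource owner denied consent")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user, time.time() + 60)
        return f"{redirect_uri}?code={code}&state={state}"   # 302 Location

    def token(self, client_id, secret, code, redirect_uri):
        entry = self.codes.pop(code, None)    # a code is consumed on first use
        registered = self.clients.get(client_id)
        if registered is None or not secrets.compare_digest(registered[0], secret):
            raise PermissionError("client authentication failed")
        if entry is None or entry[:2] != (client_id, redirect_uri) or entry[3] < time.time():
            raise PermissionError("invalid, expired or replayed code")
        access = secrets.token_urlsafe(24)
        self.tokens[access] = {"active": True, "sub": entry[2], "client_id": client_id}
        return access

    def introspect(self, access_token):
        return self.tokens.get(access_token, {"active": False})

def resource_request(authz, access_token):
    """Resource server: introspect the token before serving the resource."""
    info = authz.introspect(access_token)
    return f"profile of {info['sub']}" if info["active"] else "401"

def run_flow():
    authz = AuthzServer()
    authz.register("retail-app", "s3cret", "https://app.example/cb")  # constructed
    state = secrets.token_urlsafe(8)          # binds the response to this request
    location = authz.authorize("retail-app", "https://app.example/cb", state, "alice", True)
    params = dict(p.split("=", 1) for p in location.split("?", 1)[1].split("&"))
    if params["state"] != state:              # client rejects a mismatched state
        raise PermissionError("state mismatch")
    access = authz.token("retail-app", "s3cret", params["code"], "https://app.example/cb")
    return authz, params["code"], access
```
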
21. Authentication APIs
● Authentication method support via APIs within the range of username/password to biometrics and anything in between.
● SSO and session management.
● Authentication with OIDC - OpenID Connect
22. OIDC Flow
[Diagram: steps 1-9 between the Resource Owner, the Application (OAuth Client), the OAuth Authorization Server and the OAuth Resource Server. Labels: scope=openid, Authenticate + Consent, Authz Code, 302, Access Token Rq, Access Token, ID Token, User Info Request, Resource Request, Introspect]
26. And there’s more..
● DevOps APIs
○ Tools, automation, and continuous integrations.
● API security
○ Encryption, rate limiting, content filtering, and schema validation.
● API Developer Support
○ Documentation, tutorials, and community support.
27. WSO2 as an overall Leader
● Only open source IAM vendor in leader category.
Source https://www.kuppingercole.com/report/lc79012
28. Conclusion
● Evolution of IAM and Identity APIs
● Identity APIs and their importance
● How they support digital transformation/CIAM initiatives
● WSO2 Identity Server as an Identity API platform