Authorization as a Service
Identity-Aware Authorization at Scale
Authentication
Decouple Authentication from Authorization: Accelerate and future-proof your development efforts by breaking the dependency between applications and data sources
Data Hub: Aggregate and normalize identity data from multiple sources
Improve security and user experience: Provide two-factor authentication (2FA) through push notifications to customer mobile apps
Identity Pools: Don't have an IDP? Store user identities in hyper-scale Identity Pools. Register users at scale and display branded login screens to allow access to your apps. Create as many Identity Pools as you need for partners, customers and developers
Access Control
Future-proof, open-standard based application integration: OAuth2.1, OAuth2, FAPI, OpenID Connect
RBAC/ABAC/PBAC: Perform Role, Attribute & Permission Based Access Control based on information from identity sources. Use a WYSIWYG policy editor or create policies with the open policy language REGO
Transactional MFA: Prompt users for step-up authentication for authorization to sensitive data or services
Data Control
Smart Tokens: Data-level governance to control data distribution to applications
Consent Ledger: Fine-grained consent grants put users in control of their PII and how it is distributed
Partner Data Sharing: Enable data sharing with Partners
Delegated Administration: Multi-level policy management for admins, 3rd party developers and partners
Adaptive Enforcement
Distributed Policy Enforcement: Centralized policy management with enforcement distributed across cloud engines and service meshes; gateway authorizers deployed in a sidecar model
Dynamic Authorization Policies: Perform risk-aware authorizations that consider transaction payloads and API invocation characteristics
Automated Workload Discovery & Orchestration to Achieve Zero-Trust: Broad support for API Gateways as well as deep integration and service identity for modern application backends running on K8s and service meshes
Multi-point Policy Enforcement: Enforcement of policies at OAuth authorization server during token minting, scope assignment as well as at the API endpoint level. Flexible delivery of attributes to client apps for effective soft enforcement
