Improve security and user experience: Provide two-factor authentication (2FA) through push notifications to customer mobile apps
Identity Pools: Don't have an IDP? Store user identities in hyper-scale Identity Pools. Register users at scale and display branded login screens to allow access to your apps. Create as many Identity Pools as you need for partners, customers and developers
Future-proof, open-standard based application integration: OAuth2.1, OAuth2, FAPI, OpenID Connect
RBAC/ABAC/PBAC: Perform Role, Attribute & Permission Based Access Control based on information from identity sources. Use a WYSIWYG policy editor or create policies with the open policy language REGO
Transactional MFA: Prompt users for step-up authentication for authorization to sensitive data or services
Smart Tokens: Data-level governance to control data distribution to applications
Consent Ledger: Fine-grained consent grants put users in control of their PII and how it is distributed
Partner Data Sharing: Enable data sharing with Partners
Delegated Administration: Multi-level policy management for admins, 3rd party developers and partners
Distributed Policy Enforcement: Centralized policy management with enforcement distributed across cloud engines and service meshes; gateway authorizers deployed in a sidecar model
Dynamic Authorization Policies: Perform risk-aware authorizations that consider transaction payloads and API invocation characteristics
Automated Workload Discovery & Orchestration to Achieve Zero-Trust: Broad support for API Gateways as well as deep integration and service identity for modern application backends running on K8s and service meshes
Multi-point Policy Enforcement: Enforcement of policies at OAuth authorization server during token minting, scope assignment as well as at the API endpoint level. Flexible delivery of attributes to client apps for effective soft enforcement
Find out how we can help you with your identity and authorization journey
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.