Authorization as a Service

Identity-Aware Authorization at Scale

Authentication

Decouple Authentication from Authorization: Accelerate and future-proof your development efforts by breaking the dependency between applications and data sources

Data Hub: Aggregate and normalize identity data from multiple sources

Improve security and user experience: Provide two-factor authentication (2FA) through push notifications to customer mobile apps

Identity Pools: Don't have an IDP? Store user identities in hyper-scale Identity Pools. Register users at scale and display branded login screens to allow access to your apps. Create as many Identity Pools as you need for partners, customers and developers

Authentication

Access Control

Future-proof, open-standard based application integration: OAuth2.1, OAuth2, FAPI, OpenID Connect

RBAC/ABAC/PBAC: Perform Role, Attribute & Permission Based Access Control based on information from identity sources. Use a WYSIWYG policy editor or create policies with the open policy language REGO

Transactional MFA: Prompt users for step-up authentication for authorization to sensitive data or services

Example OPA Policies

Data Control

Smart Tokens: Data-level governance to control data distribution to applications

Consent Ledger: Fine-grained consent grants put users in control of their PII and how it is distributed

Partner Data Sharing: Enable data sharing with Partners

Delegated Administration: Multi-level policy management for admins, 3rd party developers and partners

Data Control

Adaptive Enforcement

Distributed Policy Enforcement: Centralized policy management with enforcement distributed across cloud engines and service meshes; gateway authorizers deployed in a sidecar model

Dynamic Authorization Policies: Perform risk-aware authorizations that consider transaction payloads and API invocation characteristics

Automated Workload Discovery & Orchestration to Achieve Zero-Trust: Broad support for API Gateways as well as deep integration and service identity for modern application backends running on K8s and service meshes

Multi-point Policy Enforcement: Enforcement of policies at OAuth authorization server during token minting, scope assignment as well as at the API endpoint level. Flexible delivery of attributes to client apps for effective soft enforcement

API Gateways
Cloud Identity Management