Feature | Description |
|---|
| System and User Identity Management | - Easy integration with enterprise LDAP, Microsoft Active Directory, or any JDBC database
- Comprehensive UIs to configure more than one user stores in a multi tenanted manner.
- Extensible identity management including password polices, account locking, self sign-up, account recovery, account confirmation etc for external applications over APIs
- One Time Password support
- Multifactor authentication
- Single Sign-On (SSO) via OpenID, SAML2 and Kerberos KDC
- SSO bridging between on-premises systems and Cloud apps
- Provisioning via SCIM instead of legacy SPML
- Implement REST security with OAuth 2.0* and XACML
- Delegation via OAuth 1.0a, OAuth 2.0*, and WS-Trust.
- Federation via OpenID, SAML2, and WS-Trust STS
- OpenID Connect 1.0 on top of OAuth 2.0 to get user authentication events and user claims to the external applications.
- Integration with Microsoft SharePoint with Passive STS support
- Flexible profile management for users supporting multiple profiles per user
- Auditing via XDAS
- Credential mapping across different protocols
- XKMS for key storage and distribution
|
| Entitlement Management | - Role-based access control (RBAC)
- Attribute-based or claim-based access control via XACML, WS-Trust, OpenID, OpenID Connect and claim management
- Fine-grained policy-based access control via XACML
- Advanced entitlement auditing and management
- Entitlement management for any REST or SOAP calls
|
| XACML 2.0/3.0 Support | - User-friendly interface for policy editing
- Multiple Policy Information Point (PIP) support
- 'TryIt' tool for exploring policy impact
- Policy distribution to various Policy Decision Points (PDPs)
- Policy decision and attribute caching
- High-performance network protocol (over Thrift) for PEP/PDP interaction
- Notifications for policy updates
|
| Lightweight, Developer-Friendly, and Easy to Deploy | - Complete SOAP API for integrating/embedding into any application or system
- Pluggable workflows for privileged operations
- Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more
- Clustering for high-availability deployment
- Choice of deployment to on-premises servers or to private or public Cloud (WSO2 StratosLive Identity-as-a-Service) without configuration changes
- Integrated with WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication
|
| Management and Monitoring | - Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO
- Built-in collection and monitoring of standard access and performance statistics
- JMX MBeans for monitoring and management of key metrics
- Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management
- Flexible logging support with integration to enterprise logging systems
- Centralized configuration management across different deployment environments with lifecycle management and versioning through integration with WSO2 Governance Registry
|