The authentication framework in OpenIAM provides a flexible solution where you can configure a variety of parameters to implement a flexible and secure authentication solution. This section describes the authentication functionality found in OpenIAM and how it can be configured.

The framework consist of several components which are described below:

  • Authentication policy - Used to define authentication parameters such as failed authentication attempts, token life, auto-unlock,etc.
  • Authentication provider - Defines the type of authentication which will be used; UserID/password, OTP, Certificate, etc.
  • Adaptive authentication provider - Allows for the creation of authentication workflows which take into account other factors such as IP address, Role, etc.
  • Content provider - Enables the association of an authentication provider to a domain or URL

Authentication framework overview

The diagram above describes how the various parts of the authentication framework fit together.

Configuring Authentication Overview

The tutorial for configuring authentication start with the simple example which is then expanded to cover other types of authentication. The progression of the tutorial is described below:

  • Configure authentication
  • Password based authentication
  • Directory based authentication
  • Strong authentication using OTP
  • Step-up authentication

Once you are familiar with the framework, you can extend your authentication model by leveraging the authentication methods described below.

Authentication Methods

OpenIAM supports the authentication methods described below

SMS / E-mail OTPUsers authenticate into OpenIAM using a userId and password.
Social authenticationUsers authenticate into OpenIAM their social identity
Adaptive AuthDescribes how to configure adaptive authentication to create robust authentication flows