The authentication framework in OpenIAM provides a flexible solution where you can configure a variety of parameters to implement a flexible and secure authentication solution. This section describes the authentication functionality found in OpenIAM and how it can be configured.
The framework consist of several components which are described below:
- Authentication policy - Used to define authentication parameters such as failed authentication attempts, token life, auto-unlock,etc.
- Authentication provider - Defines the type of authentication which will be used; UserID/password, OTP, Certificate, etc.
- Adaptive authentication provider - Allows for the creation of authentication workflows which take into account other factors such as IP address, Role, etc.
- Content provider - Enables the association of an authentication provider to a domain or URL
The diagram above describes how the various parts of the authentication framework fit together.
Configuring Authentication Overview
The tutorial for configuring authentication start with the simple example which is then expanded to cover other types of authentication. The progression of the tutorial is described below:
- Configure authentication
- Password based authentication
- Directory based authentication
- Strong authentication using OTP
- Step-up authentication
Once you are familiar with the framework, you can extend your authentication model by leveraging the authentication methods described below.
OpenIAM supports the authentication methods described below
|SMS / E-mail OTP||Users authenticate into OpenIAM using a userId and password.|
|Social authentication||Users authenticate into OpenIAM their social identity|
|Adaptive Auth||Describes how to configure adaptive authentication to create robust authentication flows|