Authentication
The authentication framework in OpenIAM provides a flexible solution where you can configure a variety of parameters to implement a flexible and secure authentication solution. This section describes the authentication functionality found in OpenIAM and how it can be configured.
The framework consists of several components which are described below:
- Authentication policy. Used to define authentication parameters such as failed authentication attempts, token life, auto-unlock, etc.
- Authentication provider. Defines the type of authentication which will be used, for instance UserID/password, OTP, Certificate, etc.
- Adaptive authentication provider. Allows creating the authentication workflows, which include other factors such as IP address, Role, etc.
- Content provider. Enables the association of an authentication provider to a domain or URL.
The diagram above describes how the various parts of the authentication framework fit together.
Configuring authentication overview
Configuring authentication starts simple and then is expanded to other types of authentications. You can use the pages below that follow the configuration steps applicable to you needs.
- Configuring authentication.
- Password based authentication.
- Directory based authentication
- Strong authentication using OTP.
- Step-up authentication.
Once you are familiar with the framework, you can extend your authentication model by leveraging the authentication methods further in the document.
Authentication methods
OpenIAM supports the authentication methods described below
| Name | Description |
|---|---|
| SMS / E-mail OTP | Users log in OpenIAM using an OTP over SMS or e-mail. |
| Password authentication | Users authenticate into OpenIAM using a userId and password. |
| Social media authentication | Users log in OpenIAM using their social media handles. |
| Adaptive authentication | Adaptive authentication configuring to create robust authentication flows. |
| Authentication using a FIDO2 device | Users use FIDO 2 to authenticate into OpenIAM. |
| Credential provider | Credential provider for Mac and Windows to replace the OS authentication interface. |
| Delegated authentication | Describes how to configure an external repository (Managed System) for authentication. Managed system based authentication allows customers to use Directories such as LDAP and Active Directory for authentication. |
| Certificate based authentication | Describes configuring Certificate based authentication in OpenIAM. |
| Authentication via Criipto | Describes how to configure authentication process via Criipto. |