The authentication framework in OpenIAM provides a flexible solution where you can configure a variety of parameters to implement a flexible and secure authentication solution. This section describes the authentication functionality found in OpenIAM and how it can be configured.

The framework consist of several components which are described below:

  • Authentication policy - Used to define authentication parameters such as failed authentication attempts, token life, auto-unlock,etc.
  • Authentication provider - Defines the type of authentication which will be used; UserID/password, OTP, Certificate, etc.
  • Adaptive authentication provider - Allows for the creation of authentication workflows which take into account other factors such as IP address, Role, etc.
  • Content provider - Enables the association of an authentication provider to a domain or URL

Authentication framework overview

The diagram above describes how the various parts of the authentication framework fit together.

Configuring Authentication Overview

The tutorial for configuring authentication start with the simple example which is then expanded to cover other types of authentication. The progression of the tutorial is described below:

  • Configure authentication
  • Password based authentication
  • Directory based authentication
  • Strong authentication using OTP
  • Step-up authentication

Once you are familiar with the framework, you can extend your authentication model by leveraging the authentication methods described below.

Authentication Methods

OpenIAM supports the authentication methods described below

SMS / E-mail OTPUsers log in OpenIAM using an OTP over SMS or e-mail.
Password authenticationUsers authenticate into OpenIAM using a userId and password.
Social media authenticationUsers log in OpenIAM using their social identity
Adaptive authenticationAdaptive authentication configuring to create robust authentication flows
Authentication using a FIDO2 deviceUsers use FIDO 2 to authenticate into OpenIAM
Credential providerCredential provider for Mac and Windows to replace the OS authentication interface.
Delegated AuthenticationDescribes how to configure an external repository (Managed System) for authentication. Managed system based authentication allows customers to use Directories such as LDAP and Active Directory and other for authentication.
Certificate Based AuthenticationDescribes configuring Certificate Based Authentication in OpenIAM
Authenication via CriiptoDecribes how to configure authentication process via Criipto.