Consumer onboarding is one of the most important functions, if not the most important function, of a customer identity and access management (CIAM) solution. An overly complicated onboarding workflow significantly detracts from the consumer experience. Providing an effective, engaging and efficient onboarding workflow without compromising security has always been a challenge for security and risk professionals.
The inspiration for this two-part article series comes from many customer implementations carried out by WSO2 over the past 15 years on consumer onboarding and log-in journeys in CIAM. …
Check out this article, which I co-wrote with Sherene Mahanama.
WSO2 Identity Server provides many identity management and password management workflows out of the box, e.g. self-registration, user invitations and password recovery. However, it is not unusual to come across situations where the workflow capabilities provided out of the box are not sufficient to fulfil your business requirements.
In such situations, users generally take one of the following alternative courses of action, listed in ascending order of complexity:
WSO2 Identity Server supports two kinds of REST APIs.
Admin REST APIs are intended for users or systems that hold the required permission under the product's role-based permission model, or the required OAuth 2.0 scope under the delegated access model. These REST APIs generally operate on system configuration data, or on the identity data of a user or system other than the caller. In WSO2 Identity Server, any REST API URL that does not contain “/Me” in its path is an Admin REST API. E.g. SCIM…
How to configure MFA and/or adaptive authentication for a group of service providers, instead of at an individual service provider level?
Configuring MFA and/or adaptive authentication for a group of service providers is not possible with WSO2 Identity Server as of version 5.11.0.
However, MFA can be configured at a global (tenant) level by configuring the ‘default’ sequence in:
The ‘default’ sequence can then be selected from ‘Local and Outbound Authentication’.
How to configure what MFA methods are made available for a specific user?
Configuring MFA methods that are available for a specific user is not an out-of-the-box feature…
In the first part of this two-part article series I introduced “heterogeneous API Management clusters”, their well-known examples and their different patterns. I then discussed the “API Store Separated Clusters” deployment pattern in detail, how it can be implemented in WSO2 API Manager and the shortcomings of implementing it there. In this part I will discuss the “Key Manager Separated Clusters” deployment pattern.
In the Key Manager separated patterns, there are mainly three security properties that users look for.
This is for those of you who wanted to understand the WSO2 CIAM User Lifecycle in detail.
1. This diagram is a state diagram, NOT a flow chart. Therefore it does not show the different workflows that trigger the state transitions. The next step would be to come up with a flow diagram for this state diagram as well, to see the full picture.
2. This diagram illustrates an “ideal” user lifecycle based on WSO2 CIAM’s current identity management features; it does not necessarily mean that all the transitions shown here are currently possible with the out-of-the-box capabilities of the…
WSO2 API Manager supports a variety of deployment patterns for varying business and technical use cases [1,2]. While the all-in-one deployment pattern sits at one end of the spectrum as the simplest, the fully distributed deployment sits at the other end as the most flexible. In between these two lie a wide variety of deployment patterns with varying levels of component distribution, which users may choose from to arrive at the most optimal deployment considering aspects such as complexity, flexibility, security and cost.
While the level of distribution of…
A permission in IAM is defined as a combination of a resource and one of its corresponding actions. Permissions are a fundamental element of any authorization decision.
For an overview of the permission levels supported by WSO2 Identity Server, and the various use cases around permissions in WSO2 Identity Server, refer to my article “Permissions with WSO2 Identity Server”.
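The two excerpts above, the Admin REST API authorization rule (permission or OAuth 2.0 scope, with “/Me” marking self-service endpoints) and the definition of a permission as a resource plus one of its actions, can be put together in a small authorization decision. The following is an added illustration for this page, not WSO2 code: the permission paths, scope names and callers are constructed, and the “holding a parent node grants its children” rule is an assumption modelled on the product's permission-tree convention. It goes slightly beyond the text by matching the “Me” segment case-insensitively, so that both /scim2/Me and /api/users/v1/me are treated as self-service.

```python
"""Toy authorization decision for WSO2 Identity Server-style REST APIs.

Added illustration for this page; it is not WSO2 code. It models two
things the excerpts above describe: (1) a permission is a resource plus
one of that resource's actions, and (2) an Admin REST API (any URL
without a "/Me" segment) is authorized either by the caller's
permissions or by an OAuth 2.0 scope. The permission paths, scope names
and callers below are constructed, and the "parent node grants its
children" rule is an assumption modelled on the permission tree.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """A permission = resource + one of that resource's actions."""
    resource: str  # e.g. "/permission/admin/manage/identity/usermgt"
    action: str    # e.g. "create"

    @property
    def path(self) -> str:
        return f"{self.resource.rstrip('/')}/{self.action}"


@dataclass(frozen=True)
class Caller:
    name: str
    granted: frozenset = frozenset()  # permission-tree nodes held via roles
    scopes: frozenset = frozenset()   # scopes carried by an OAuth 2.0 token


def is_admin_api(path: str) -> bool:
    """True unless the path has a "/Me" segment.

    Segments are compared case-insensitively so that /scim2/Me and
    /api/users/v1/me are both treated as self-service endpoints.
    """
    segments = path.split("?", 1)[0].strip("/").split("/")
    return not any(seg.lower() == "me" for seg in segments)


def has_permission(granted: frozenset, required: Permission) -> bool:
    """Holding a node grants that node and everything beneath it.

    A plain startswith() would let "/x/user" match "/x/usermgt/create";
    the trailing "/" guard restricts the match to whole path segments.
    """
    wanted = required.path
    for node in granted:
        node = node.rstrip("/")
        if wanted == node or wanted.startswith(node + "/"):
            return True
    return False


def authorize(caller: Caller, path: str, required: Permission,
              required_scope: str) -> bool:
    """Decide whether an authenticated caller may invoke `path`."""
    if not is_admin_api(path):
        # Self-service endpoint: it operates on the caller's own data,
        # so being authenticated is enough in this model.
        return True
    # Admin endpoint: a sufficient permission, or a delegated scope.
    return (has_permission(caller.granted, required)
            or required_scope in caller.scopes)


# Constructed sample permission and callers (not real tenant data).
CREATE_USER = Permission("/permission/admin/manage/identity/usermgt", "create")
IDENTITY_ADMIN = Caller("admin",
                        granted=frozenset({"/permission/admin/manage/identity"}))
HELPDESK = Caller("helpdesk",
                  granted=frozenset({"/permission/admin/manage/identity/usermgt/view"}))
PROVISIONING_CLIENT = Caller("hr-sync",
                             scopes=frozenset({"internal_user_mgt_create"}))

if __name__ == "__main__":
    for who in (IDENTITY_ADMIN, HELPDESK, PROVISIONING_CLIENT):
        print(who.name, "POST /scim2/Users ->",
              authorize(who, "/scim2/Users", CREATE_USER, "internal_user_mgt_create"))
        print(who.name, "GET /scim2/Me ->",
              authorize(who, "/scim2/Me", CREATE_USER, "internal_user_mgt_create"))
```

The helpdesk caller holds only the `view` action on the user-management resource, so a `POST /scim2/Users` is refused even though it has a permission under the same resource; the provisioning client has no permission-tree node at all and is admitted purely on the delegated scope. The segment-boundary guard in `has_permission` is the check most worth keeping when you implement prefix-based permission inheritance yourself.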
WSO2 Identity Server comes with native multi-tenancy capability, which allows it to be deployed as a SaaS solution in your enterprise. An IAM SaaS solution is commonly known as Identity-as-a-Service (IDaaS).
The direct consumers of the IDaaS become…
It is true that WSO2 API Manager can integrate with most Customer IAM (CIAM) vendors in the market, with efforts ranging from integration using standard endpoints and messages with no-code configuration, to writing Java plug-ins to integrate with non-standard endpoints and messages. Among these options is WSO2 Identity Server, one of the most advanced CIAM products in the market, targeted at organizations that embrace a developer-first culture. It is secure, scalable, API-driven, extensible and uniquely customizable to meet every organization's challenging business needs in a dynamic application landscape. You…
IAM Enthusiast, Solutions Architect @ WSO2