This Blog Is Not Updated Any More.

Check out my new blog on Medium: http://facilelogin.com

Topics: Identity and Access Management, Blockchain, Ethereum, Bitcoin, Security, PSD2, GDPR



Wednesday, March 9, 2016

Identity Patterns with the WSO2 Identity Server
Multiple login options by service provider

Problem:
  • The business users need to access multiple service providers, where each service provider requires different login options. For example login to Google Apps with username/password, while login to Drupal either with username/password or Facebook. 
  • Enable multi-factor authentication for some service providers. For example login to Salesforce require username/password + FIDO.
Solution:
  • Deploy WSO2 Identity Server over the enterprise user store. 
  • Represent each service providers in Identity Server and under each service provider, configure local and outbound authentication options appropriately. To configure multiple login options, define an authentication step with the required authenticators. 
  • When multi-factor authentication is required, define multiple authentication steps having authenticators, which support MFA in each step. For example username/password authenticator in the first step and the FIDO authenticator in the second step. 
  • If federated authentication is required, for example, login with Facebook, represent all federated identity providers in Identity Server, as Identity Providers and engage them with appropriate service providers under the appropriate authentication step. 
  • In each service provider, configure WSO2 Identity Server as a trusted identity provider. For example in Google Apps, add WSO2 Identity Server as a trusted identity provider. 
  • Products: WSO2 Identity Server 5.0.0+ 

0 comments: