API Identity and Access Federation

Enable secure and compliant business collaboration

With the growth of APIs comes the challenge of Identity Federation. Users expect to use apps seamlessly, without a requirement to log in multiple times, even when they may have different profiles and different identities for different services. Technologies such as SAML, OAuth and OpenID are used for this purpose. Axway provides full-featured Identity Federation as part of our comprehensive API Management offering.

Identity Federation deals with the challenge of multiple logins (authentication) across different services. For example, a user may use a composite app which consumes services provided by multiple providers, such as SharePoint (with Claims-Based Authentication) and SalesForce (with SAML). The challenge is to link these identities together, allowing the user to log in once and use the app seamlessly.

Axway API Gateway enables you to securely federate identities in real time using popular standards such as SAML (Security Assertion Mark-Up Language) and OAuth - instead of moving identity data across security domains and relying on point-to-point integrations.

Securely handle access federation

As API usage becomes increasingly federated and credentials are handled by more intermediaries than ever before, it's critical to protect your business against the associated security and compliance risks.

Axway API Gateway encapsulates identity data in signed tokens such as SAML, Kerberos and OAuth 2.0 to enable secured federation of identity data. A built-in Security Token Service (STS) handles token authentication, issuance, validation and mediation tasks, and enables users logged into a local domain to securely single sign-on (SSO) to third-party applications, B2B services and cloud-based services.

Mediate identities and security tokens

Axway API Gateway delivers pre-built integrations with all leading identity management platforms, including CA SiteMinder, Microsoft Active Directory, Entrust, IBM, Oracle and RSA. It can exchange any standard-based or proprietary token, enabling your enterprise to standardize on a single token type like SAML or OAuth. Using a single standard-based token not only allows for cross-domain identity federation, but also alleviates the need for internal applications and SOA components to handle more than a single token type.

Broker trust relationships across security domains

For an API to validate the authenticity and integrity of a client's credentials, it must have a trust relationship with the client, either directly or through a broker. Managing direct trust relationships for a large number of endpoints is simply not scalable, especially for cross-domain relationships.

Axway API Gateway brokers PKI-based trust relationships between clients and services, and automates token negotiation using WS-Trust and WS-Federation standards. By leveraging open standards in this way, Axway maximizes interoperability with leading application, SOA and identity management products. The end result for the consumer is a seamless experience using apps across security domains.

  • Follow Axway on Facebook
  • Follow Axway on Twitter
  • Axway YouTube Channel
  • Axway RSS Feeds
  • Axway Blogs