The only “all-in-one” access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security, in a single, unified product.
Mobile support out of the box with full OAuth 2.0 and OpenID Connect support, modern protocols that provide the most efficient method for developing secure native or HTML5 mobile applications optimized for bandwidth and CPU.
OpenAM feature overview
- 100% Java-based architecture allows deployment across many platforms.
- Developer and admin friendly, with task-based GUI, REST, C and Java developer tools, and comprehensive documentation.
- Service provider interfaces (SPIs) provide a framework to extend all service modules, such as adding custom authentication modules, federation plug-ins, and policy conditions.
- Easily create federated SSO connections with SaaS apps via a GUI-based wizard, or use the out-of-the-box connectors for Salesforce.com and Google Apps, among others.
- Easily set up social authentication with Google, Facebook, MSN, or any OAuth 2.0 provider.
- Simple click-through setup of Federation IdP and SPs using SAML, OpenID Connect and OAuth 2.0.
- Full support of OAuth 2.0 and OpenID Connect, modern protocols that provide the most efficient method for developing secure native or HTML5 mobile applications optimized for bandwidth and CPU.
- Adaptive Authentication including device fingerprinting ensures mobile devices are trusted.
- REST APIs allow developers to create device-agnostic applications. The same API can be used to access OpenAM from a Web or a native mobile application.
- OATH/Soft Token Generator, MSISDN and HOTP (One Time Password) capabilities enable multifactor and mobile authentication.
- 2-factor authentication using a mobile phone, hardware token, or biometric device as the second factor, a requirement for highly sensitive applications and sites.
- Out-of-the-box standards-based solutions such as OATH and HOTP allow use of a mobile phone as a second factor by generating an SMS message or a soft token.
- Extensible to 3rd-party services: a second factor or identity proofing from a 3rd party is configurable as part of the authentication approval chain.
- Fraud prevention feature assesses risks during the authentication process to determine whether to require the user to present additional credentials.
- Configurable using a scoring algorithm that calculates a risk score based on an IP address range, geographic location, device fingerprint, account idle time, etc., and applies it to the authentication request.
- OpenAM supports 18+ authentication methods out of the box, along with the ability to add new custom methods.
- Windows Desktop SSO support enables a seamless heterogeneous OS and Web application SSO environment.
- Strong Authentication support out of the box with many different options for multi-factor authentication, software and hardware tokens, OATH and HOTP.
- Provides both a coarse-grained policy engine and a fine-grained entitlements service based on XACML (eXtensible Access Control Markup Language).
- XACML entitlements evaluate and enforce access controls for any object or data component, providing consistent entitlement enforcement from presentation to web services to the database.
- Import and export XML policy files for production environments that use scripts rather than the console.
- OpenAM exposes functions as simple identity web services, so developers can easily invoke them during the app development process.
- Provides client application programming interfaces with REST, Java and C APIs.
- RESTful APIs enable JSON or XML over HTTP, allowing users to access authentication, authorization, and identity services from web applications using simple REST clients.
- All major federation protocols: SAML 1.x, SAML 2.0 (SP, IdP, ECP, and IdP Proxy), WS-Federation (asserting, relying party).
- Next-gen federation standards for cloud and mobile include full implementation of OpenID Connect and OAuth 2.0 (consumer, provider, authorization server).
- All Web Services security standards: Liberty ID-WSF, WS-I Basic Security Profile, WS-Trust (STS), and WS-Policy.
- FICAM (Federal Identity, Credential, and Access Management) compliant: an initiative defined by the U.S. Federal Government to simplify identity and access management across government systems.
- OATH and HOTP standards that allow a mobile phone to be used as a second authentication factor.
- XACML for fine-grained authorization policy definition, import, export.
- Support included for IPv6 and for Java 6 and 7.
- Supports large-scale implementations with millions of users and thousands of authentications per second.
- Requires less hardware at scale, decreasing datacenter cost and complexity.
- High availability with out-of-the-box persistent session failover enables support of complex, multi-site environments.
- OpenDJ comes embedded as a configuration store and a highly scalable and high-performance session-persistent store.