“All in one” access management that includes authentication, adaptive risk assessment, authorization, federation, single sign-on, social sign-on, basic self-service, privacy and consent, and high performance session management. Feature overview.
Mobile authentication, including a Push Authentication feature to verify users without the need for passwords, and multi-factor authentication capabilities with an easy-to-use mobile app for iOS and Android.
OpenAM feature overview
- 100% Java-based architecture allows deployment across many platforms.
- Developer and admin friendly, with task based GUI, REST, C and Java developer tools, and comprehensive documentation.
- Service provider interfaces (SPIs) provide a framework to extend all service modules, such as adding custom authentication modules, federation plug-ins, and policy conditions.
- Easily create federated SSO connections with SaaS apps via a GUI-based wizard, or use the out-of-the-box Salesforce.com and Google Apps connectors, among others.
- Easily set up social authentication with Google, Facebook, MSN, or any OAuth 2.0 provider.
- Simple click-through setup of Federation IdP and SPs using SAML, OpenID Connect and OAuth 2.0.
- Full support of OAuth 2.0 and OpenID Connect, modern protocols that provide the most efficient method for developing secure native or HTML5 mobile applications optimized for bandwidth and CPU.
- Adaptive Authentication including device fingerprinting ensures mobile devices are trusted.
- REST APIs allow developers to create device agnostic applications. The same API can be used to access OpenAM from a Web or a native mobile application.
- OATH/Soft Token Generator, MSISDN and HOTP (One Time Password) capabilities enable multifactor and mobile authentication.
- 2-factor authentication is enabled using a mobile phone, hardware token, or biometric device as a second factor, a requirement for highly sensitive applications and sites.
- Out-of-the-box standards-based solutions such as OATH and HOTP allow use of a mobile phone as a second factor by generating an SMS or soft token.
- Extensible to 3rd-party services: a second factor or identity proofing provided by such a service is configurable as part of the authentication approval chain.
- Fraud prevention feature assesses risks during the authentication process to determine whether to require the user to present additional credentials.
- Configurable using a scoring algorithm that calculates a risk score based on an IP address range, geographic location, device fingerprint, account idle time, etc., and applies it to the authentication request.
- OpenAM supports 18+ authentication methods out of the box, along with the ability to add new custom methods.
- Windows Desktop SSO support enables a seamless heterogeneous OS and Web application SSO environment.
- Strong Authentication support out of the box with many different options for multi-factor authentication, software and hardware tokens, OATH and HOTP.
- Provides both a coarse-grained policy engine and a fine-grained entitlements service based on XACML (Extensible Authorization Mark-up Language).
- XACML entitlements evaluate and enforce access controls for any object or data component, providing consistent entitlement enforcement from presentation to web services to the database.
- Import and export XML policy files for production environments that use scripts rather than the console.
- OpenAM exposes functions as simple identity web services, so developers can easily invoke them during the app development process.
- Provides client application programming interfaces with REST, Java and C APIs.
- RESTful APIs enable JSON or XML over HTTP, allowing users to access authentication, authorization, and identity services from web applications using simple REST clients.
- All major federation protocols: SAML 1.x, SAML 2.0 (SP, IdP, ECP, and IdP Proxy), WS-Federation (asserting, relying party).
- Next gen-federation standards for cloud and mobile include full implementation of OpenID Connect and OAuth 2.0 (consumer, provider, authorization server).
- All Web Services security standards: Liberty ID-WSF, WS-I Basic Security Profile, WS-Trust (STS), and WS-Policy.
- FICAM (Federal Identity, Credential, and Access Management) compliant – an initiative defined by the U.S. Federal Government to simplify identity and access management across government systems.
- OATH and HOTP standards that allow a mobile phone to be used for second-factor authentication.
- XACML for fine-grained authorization policy definition, import, export.
Support included for IPv6, Java 6 and 7.
- Supports large-scale implementations with millions of users and thousands of authentications per second.
- Requires less hardware at scale, decreasing datacenter cost and complexity.
- High availability with out-of-the-box persistent session failover enables support of complex, multi-site environments.
- OpenDJ comes embedded as a configuration store and a highly scalable and high-performance session-persistent store.