SSO Gateway

EInnovator SSO Gateway provides a white-label, out-of-the-box solution for authentication in micro-service architectures, based on the **OAuth2** protocol. Built on top of the industry-recognized Spring Security framework, it adds further layers of abstraction to make security simpler and feature-rich.

| Feature Area | Feature | Use Cases |
|---|---|---|
| Authentication & Account Management | Sign in/Sign up, Password Management | Out-of-the-box support for user registration and login |
| | User Identity and Profile | Fancy User Profiles and Identity with customizable themes |
| | OAuth2 support and 3rd Party Provider Integration | Industry-standard for inter-app authentication and access-control |
| Group & Connection Management | Multi-Level Groups, Membership Management | Structure social space from organization to teams, group profile pages |
| | Connection Management | Connection based access-control |
| Role Management & Access Control | Global and per Group Role and Permission Model | Site level and organization level access control |
| | Dynamic registration of roles and permissions | Application defined roles and access control rules |
| Invitations | User and Group Membership invitations | Application defined roles and access control rules |
| | Invitation Motives and Custom Templates | Customize Invitation Messages with Templates and Motive Objects |

Advantages

EInnovator SSO Gateway stands out for offering a rich security and access-control model unseen in other SSO projects. The white-label model enables startups and enterprises to build business value on top of the basic services provided, with optional collaboration from the EInnovator engineering team. Additionally, it is part of a larger micro-service suite that provides a one-stop solution to the difficulties of bootstrapping new projects and refactoring legacy ones.

Feature Overview

New applications can be secured automatically by simply importing an SSO client library — such as the SSO Spring Boot starter for Java™ apps. Rich user profiles are supported with fancy and customizable themes. Most aspects of functionality are configurable via the UI or configuration files — from API registration to token and password management.

Multi-level group hierarchies, structured into organizations, operations, and teams, are supported to allow for rich identity management and fine-grained access control. User and group connections are also modeled, in support of networking-based applications and security models.

A role-based access-control model is provided to control global access and internal organization-level access to resources. Additionally, an object-level access control service is provided through a flexible API. Applications can use these generic access control mechanisms and map them to many use cases.

A configurable invitation mechanism is provided, with support for single-user and bulk invites, customizable invitation templates, motives for invitation, and actions triggered on invitation acceptance.

Authentication & Access-Control — Background

Security is a central requirement in any application and software system. Users need to be authenticated and their credentials checked for validity to make sure that privacy, access rules, and ownership of resources are protected. In distributed micro-service environments, this is best achieved by having a central authority — a Single Sign-On Gateway — that handles all the complexities of authentication and manages user identity, group membership, and network connections in a safe way.

OAuth2 is by far the most widely used security protocol for distributed authentication and access control, providing a security framework on which different use cases can be built.

Security also requires applications to have easy ways to express access control rules, with different approaches needed for different use cases. Role- and permission-based access control and explicit access control lists are common approaches for this. Group membership, organization structure, and networks of connections further add to the complexity.

Growing the user pool of an application is a quintessential element of any successful product. This can be achieved by using viral mechanisms, where users invite others to join — out of a need for collaboration or sheer enthusiasm about the product.