Identity Manager

Identity Manager Concept

User Management

Management of platform users

Authentication

Authentication mechanisms

Authorization

Authorization and access control

Integration

LDAP, Active Directory integration

Identity Manager Features

User Management

User Accounts
  • Creating, editing, and deleting users
  • User profile management
  • Password management
  • User status management (active/inactive)
Role Management
  • Role definition and management
  • User-role assignment
  • Role-based access control
  • Creating custom roles
Group Management
  • Creating user groups
  • Group-based authorization
  • Group membership management

Authentication

OAuth2
  • Authorization Code Flow
  • Client Credentials Flow
  • Resource Owner Password Credentials
OIDC
  • OpenID Connect support
  • ID Token management
JWT
  • JWT token generation
  • JWT token validation
  • JWT token signing
Basic/Digest Auth
  • HTTP Basic Authentication
  • HTTP Digest Authentication

Authorization

API Key Management
  • Creating and managing API Keys
  • API Key validation
  • Revoking API Keys
  • API Key rotation
Access Control List (ACL)
  • API Proxy-based access control
  • Endpoint-based access control
  • Method-based access control
Role-Based Access Control (RBAC)
  • Role-based authorization
  • Permission management
  • Dynamic role assignment

External Identity Provider Integration

LDAP
  • LDAP connection
  • LDAP user validation
  • LDAP group matching
Active Directory
  • Active Directory integration
  • AD user validation
  • AD group management
SAML
  • SAML 2.0 support
  • SSO (Single Sign-On)
Custom Provider
  • Custom identity provider integration
  • REST API integration

Identity Manager Usage Scenarios

Platform User Management
  1. Creating users
  2. Role assignment
  3. Permission management
  4. User status management
API Consumer Management
  1. Creating API Consumer account
  2. Generating API Keys
  3. Subscribing to API products
  4. Usage monitoring
LDAP Integration
  1. LDAP connection configuration
  2. User synchronization
  3. Group matching
  4. Automatic user management

Identity Manager and API Gateway Relationship

Identity Manager handles the authentication and authorization operations of API Gateway. The workflow is:

API Consumer
    │  Request (API Key / Token)
    ▼
API Gateway
    │  Authentication Request
    ▼
Identity Manager
    │  Validation Result
    ▼
API Gateway
    │  Request Processing
    ▼
Backend API

  1. Request: The API Consumer sends a request with an API Key or Token. The request is routed to API Gateway.
  2. Validation: API Gateway sends an authentication request to Identity Manager. The Token or API Key is validated.
  3. Authorization: Identity Manager returns the validation result and authorization information. User permissions are checked.
  4. Processing: API Gateway processes the request if validation is successful. Policies are applied and the request is routed.
  5. Response: The response from the Backend API is delivered to the client. All operations are logged.

Info

This integration between Identity Manager and API Gateway provides centralized identity management and secure API access.

Identity Provider Integration

Identity Manager can obtain user information from different sources (identity providers) for authentication. In addition to Apinizer's own embedded identity provider, the following sources can be used:

Database Connection

User validation by connecting to databases

  • Connecting to databases like MySQL, PostgreSQL, Oracle, MSSQL
  • Querying user information from database
  • Password validation and obtaining user information
API Call

Authentication via REST API

  • Calling REST APIs of external identity providers
  • Token-based authentication
  • Integration with custom authentication services
LDAP/Active Directory

LDAP and Active Directory integration

  • Connecting to LDAP servers
  • Integration with Active Directory
  • Obtaining user and group information from LDAP
Database Identity Provider

Authentication via database connection:

  • Database Connection: Connecting to database through Connection management
  • User Query: Obtaining user information with SQL queries
  • Password Validation: Comparing with password in database
  • User Information: Obtaining user profile information
Tip

When the database identity provider is used, user information is retrieved dynamically from the database, so there is no need for Apinizer's own user database.
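The user query and password validation steps listed above, as an added example that is not Apinizer's implementation: the `users` schema, the PBKDF2 work factor and the function names are assumptions. It uses a bound query parameter, compares salted hashes in constant time, and rejects inactive accounts.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch
DUMMY_SALT = os.urandom(16)  # used when the user does not exist

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db():
    """Constructed sample user store (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB,"
               " pw_hash BLOB, active INTEGER, display_name TEXT)")
    for name, pw, active in [("alice", "correct horse", 1), ("bob", "hunter2!", 0)]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                   (name, salt, hash_password(pw, salt), active, name.title()))
    return db

def authenticate(db, username, password):
    """Return the user's profile on success, None otherwise."""
    row = db.execute(  # bound parameter: username is never spliced into the SQL
        "SELECT salt, pw_hash, active, display_name FROM users WHERE username = ?",
        (username,)).fetchone()
    salt, stored, active, display = row or (DUMMY_SALT, b"", 0, None)
    # Always run the KDF so unknown users cost the same time as known ones.
    candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, stored) and bool(active)
    return {"username": username, "display_name": display} if ok else None
```
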

API Call Identity Provider

Authentication via REST API:

  • API Endpoint: REST API endpoint of external identity provider
  • Request Format: Request format and parameters
  • Response Parsing: Response format and extracting user information
  • Error Handling: Managing error situations
Tip

With the API Call identity provider, any REST API-based identity provider can be integrated.

LDAP/Active Directory Identity Provider

LDAP and Active Directory integration:

  • LDAP Connection: Connecting to LDAP server
  • User Search: Searching and validating users in LDAP
  • Group Information: Obtaining user's group memberships
  • Active Directory: Integration with Windows Active Directory
Tip

When the LDAP identity provider is used, it integrates directly with enterprise user databases.

Info

Identity Manager provides a flexible identity management solution by supporting different identity providers. This facilitates integration with existing enterprise identity systems.
