Identity Manager Concept

User Management

Management of platform users

Authentication

Authentication mechanisms

Authorization

Authorization and access control

Integration

LDAP, Active Directory integration

Identity Manager Features

User Management

  • Creating, editing, and deleting users
  • User profile management
  • Password management
  • User status management (active/inactive)
  • Role definition and management
  • User-role assignment
  • Role-based access control
  • Creating custom roles
  • Creating user groups
  • Group-based authorization
  • Group membership management

Authentication

OAuth2

  • Authorization Code Flow
  • Client Credentials Flow
  • Resource Owner Password Credentials

OIDC

  • OpenID Connect support
  • ID Token management

JWT

  • JWT token generation
  • JWT token validation
  • JWT token signing

Basic/Digest Auth

  • HTTP Basic Authentication
  • HTTP Digest Authentication

Authorization

  • Creating and managing API Keys
  • API Key validation
  • Revoking API Keys
  • API Key rotation
  • API Proxy-based access control
  • Endpoint-based access control
  • Method-based access control
  • Role-based authorization
  • Permission management
  • Dynamic role assignment

External Identity Provider Integration

LDAP

  • LDAP connection
  • LDAP user validation
  • LDAP group matching

Active Directory

  • Active Directory integration
  • AD user validation
  • AD group management

SAML

  • SAML 2.0 support
  • SSO (Single Sign-On)

Custom Provider

  • Custom identity provider integration
  • REST API integration

Identity Manager Usage Scenarios

Platform User Management

  1. Creating users
  2. Role assignment
  3. Permission management
  4. User status management

API Consumer Management

  1. Creating API Consumer account
  2. Generating API Keys
  3. Subscribing to API products
  4. Usage monitoring

LDAP Integration

  1. LDAP connection configuration
  2. User synchronization
  3. Group matching
  4. Automatic user management

Identity Manager and API Gateway Relationship

Identity Manager supports the authentication and authorization operations of API Gateway. Workflow:

API Consumer

   │ Request (API Key / Token)

API Gateway

   │ Authentication Request

Identity Manager

   │ Validation Result

API Gateway

   │ Request Processing

Backend API

1. Request

API Consumer sends a request with an API Key or Token. The request is routed to API Gateway.

2. Validation

API Gateway sends an authentication request to Identity Manager. The Token or API Key is validated.

3. Authorization

Identity Manager returns the validation result and authorization information. User permissions are checked.

4. Processing

API Gateway processes the request if validation is successful. Policies are applied and routing is done.

5. Response

The response from Backend API is delivered to the client. All operations are logged.

This integration between Identity Manager and API Gateway provides central identity management and secure API access.
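The five steps above as a small in-process model. This is an added example, not Apinizer code: the class names, the `(method, path)` permission tuples and the audit-log shape are assumptions made for illustration. It fails closed on unknown or revoked keys, separates "not authenticated" (401) from "not authorized" (403), and never writes the key itself to the log.

```python
import hashlib
import secrets

class IdentityManager:
    """Hypothetical stand-in for the validation service; not the product API."""
    def __init__(self):
        self._keys = {}  # SHA-256 digest of key -> record (the raw key is never stored)

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue_key(self, consumer, permissions):
        key = secrets.token_urlsafe(32)  # high-entropy key, shown to the consumer once
        self._keys[self._digest(key)] = {
            "consumer": consumer, "permissions": set(permissions), "revoked": False}
        return key

    def revoke_key(self, key):
        record = self._keys.get(self._digest(key))
        if record:
            record["revoked"] = True

    def validate(self, key):
        record = self._keys.get(self._digest(key or ""))
        if record is None or record["revoked"]:
            return {"valid": False}  # fail closed: unknown and revoked look the same
        return {"valid": True, "consumer": record["consumer"],
                "permissions": record["permissions"]}

class Gateway:
    """Hypothetical gateway: validate, authorize, route, log."""
    def __init__(self, identity_manager, backend):
        self.idm, self.backend, self.audit_log = identity_manager, backend, []

    def handle(self, method, path, api_key):
        result = self.idm.validate(api_key)                 # steps 1-2
        if not result["valid"]:
            status, body = 401, "invalid credentials"
        elif (method, path) not in result["permissions"]:   # step 3
            status, body = 403, "forbidden"
        else:
            status, body = 200, self.backend(method, path)  # step 4
        # Step 5: log the decision with the consumer identity, not the credential.
        self.audit_log.append((result.get("consumer"), method, path, status))
        return status, body
```

Key rotation in this model is `issue_key` for the replacement followed by `revoke_key` on the old key, after which the old key is rejected at step 2.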

Identity Provider Integration

Identity Manager can obtain user information from different sources (Identity Provider) for authentication. In addition to Apinizer’s own embedded identity provider, the following sources can be used:

Database Connection

User validation by connecting to databases
  • Connecting to databases like MySQL, PostgreSQL, Oracle, MSSQL
  • Querying user information from database
  • Password validation and obtaining user information

API Call

Authentication via REST API
  • Calling REST APIs of external identity providers
  • Token-based authentication
  • Integration with custom authentication services

LDAP/Active Directory

LDAP and Active Directory integration
  • Connecting to LDAP servers
  • Integration with Active Directory
  • Obtaining user and group information from LDAP

Authentication via database connection:
  • Database Connection: Connecting to database through Connection management
  • User Query: Obtaining user information with SQL queries
  • Password Validation: Comparing with password in database
  • User Information: Obtaining user profile information
When the database identity provider is used, user information is dynamically retrieved from the database and there is no need for Apinizer’s own user database.
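A sketch of the user query and password validation steps against a database-backed user store. This is an added example, not Apinizer's implementation: the `users` table, its columns, the PBKDF2 parameters and the in-memory SQLite database (standing in for MySQL, PostgreSQL, Oracle or MSSQL) are all assumptions. It uses a parameterized query, compares salted hashes in constant time, and rejects inactive accounts.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_demo_db():
    """Constructed sample data in a hypothetical schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, "
               "pw_hash BLOB, active INTEGER, full_name TEXT)")
    samples = [("alice", "correct horse", 1, "Alice Example"),
               ("bob", "hunter2", 0, "Bob Example")]  # bob is inactive
    for name, password, active, full_name in samples:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                   (name, salt, hash_password(password, salt), active, full_name))
    return db

# Hashed even when the user does not exist, so unknown and known
# usernames cost roughly the same amount of work.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("placeholder", _DUMMY_SALT)

def authenticate(db, username, password):
    """Return the user's profile on success, None on any failure."""
    # User query: the username is bound as a parameter, never concatenated.
    row = db.execute("SELECT salt, pw_hash, active, full_name FROM users "
                     "WHERE username = ?", (username,)).fetchone()
    salt, stored, active, full_name = row or (_DUMMY_SALT, _DUMMY_HASH, 0, None)
    # Password validation: compare derived hashes in constant time.
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    if row is None or not matches or not active:
        return None  # one failure result for every cause
    # User information: return only profile fields, never the hash or salt.
    return {"username": username, "full_name": full_name}
```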

Authentication via REST API:
  • API Endpoint: REST API endpoint of external identity provider
  • Request Format: Request format and parameters
  • Response Parsing: Response format and extracting user information
  • Error Handling: Managing error situations
Thanks to the API Call identity provider, integration can be done with any REST API-based identity provider.

LDAP and Active Directory integration:
  • LDAP Connection: Connecting to LDAP server
  • User Search: Searching and validating users in LDAP
  • Group Information: Obtaining user’s group memberships
  • Active Directory: Integration with Windows Active Directory
When the LDAP identity provider is used, direct integration with enterprise user databases is provided.

Identity Manager provides a flexible identity management solution by supporting different identity providers. This facilitates integration with existing enterprise identity systems.