New mobile and cloud technologies are creating opportunities for lines of business to expose information assets to a broader audience via APIs in order to open new revenue streams and provide better user experiences. This open enterprise model ensures that partners, customers, employees and developers can gain access to relevant data from whatever location, device or application they require.
Extending existing identity and access management (IAM) infrastructure to manage the identities of users, developers and employees across applications and devices is a critical step in securing these new lines of communication. Leveraging the same identity infrastructure across multiple channels makes it possible to eliminate user ID/password duplication, reduce identity management burden and ensure passwords never leave the enterprise.
Unfortunately, mobile apps, SaaS services, application development platforms and legacy enterprise applications have not yet standardized on a single method for access control: some require SAML; others use various OAuth implementations; others rely on OpenID Connect or even proprietary tokens. Moreover, access needs to be managed for both users and applications, across both browser-based usage and programmatic consumption.
Identity management in the open enterprise requires an API management solution able to deal with every aspect of credential validation, authorization, mapping and brokering. This solution must support the latest identity specifications, be flexible enough to deal with evolving implementations, integrate with standards-based and proprietary IAM systems, and provide functionality for managing developer and application access.
The ability to sign on once and have the appropriate identity tokens available for access to enterprise applications and cloud systems is key to the user experience. Single sign-on and federation capabilities provided by a full-featured API management solution can leverage existing IAM solutions for authentication and authorization and then generate a federated identity token that will be valid for internal or external (cloud) applications.
CA API Management solves the problems of runtime access control enforcement as well as design-time developer management. Consisting of CA API Gateway with its embedded OAuth Toolkit and Security Token Service (STS) and CA API Developer Portal, it enables the open enterprise without sacrificing the security required for sensitive data and applications.
CA API Gateway secures enterprise API resources through authentication and authorization of incoming credentials. It collects credentials from the user and can generate (and subsequently validate) mobile-friendly tokens that can be used across multiple applications for single sign-on. Moreover, CA API Gateway can federate to cloud providers and internal applications.
CA API Gateway accepts a variety of credential types, including username/password, certificates, proprietary tokens and WS-Security token profiles. Authentication and authorization can be performed against most leading identity, access, SSO and federation systems. Access control policies can utilize users, groups, roles, attributes, message content and transaction context.
CA API Gateway’s embedded OAuth Toolkit supports all versions of OAuth across all roles and provides the flexibility to interact with non-standard implementations. It provides out-of-the-box support for common cloud token types like SAML and OpenID Connect and can accommodate custom token types specific to a cloud provider. The full-featured STS supports both the WS-Trust and WS-Federation specifications, including SAML 1.1 and 2.0.
CA API Developer Portal adds functionality for developer and application registration plus key generation and distribution for application access. API providers can select from a range of client authentication and authorization requirements and manage the token lifecycle.