SSO Gateway
EInnovator SSO Gateway provides a white-label, out-of-the-box solution for authentication in micro-service architectures based on the **OAuth2** protocol. Built on top of the industry-recognized Spring Security framework, it adds layers of abstraction that make security simpler and feature-rich.
| Feature Area | Feature | Use Cases |
|---|---|---|
| Authentication & Account Management | Sign in/Sign up, Password Management | Out-of-the-box support for user registration and login |
| | User Identity and Profile | Fancy User Profiles and Identity with customizable themes |
| | OAuth2 support and 3rd Party Provider Integration | Industry-standard for inter-app authentication and access-control |
| Group & Connection Management | Multi-Level Groups, Membership Management | Structure social space from organization to teams, group profile pages |
| | Connection Management | Connection based access-control |
| Role Management & Access Control | Global and per Group Role and Permission Model | Site level and organization level access control |
| | Dynamic registration of roles and permissions | Application defined roles and access control rules |
| Invitations | User and Group Membership invitations | Application defined roles and access control rules |
| | Invitation Motives and Custom Templates | Customize Invitation Messages with Templates and Motive Objects |
Advantages
EInnovator SSO Gateway stands out for offering a rich security and access-control model unseen in other SSO projects. The white-label model enables startups and enterprises to build business value on top of the basic services provided, with optional collaboration from the EInnovator engineering team. Additionally, it is part of a larger micro-service suite that provides a one-stop solution to the difficulties of bootstrapping new projects and refactoring legacy ones.
Feature Overview
New applications can be secured automatically by simply importing an SSO client library, such as the SSO Spring Boot starter for Java™ apps. Rich user profiles are supported with fancy and customizable themes. Most aspects of functionality are configurable via the UI or configuration files, from API registration to token and password management.
Multi-level group hierarchies, structured into organizations, operations, and teams, are supported to allow for rich identity management and fine-grained access control. User and group connections are also modeled in support of networking-based applications and security models.
A role-based access-control model is provided to control global access and internal organization-level access to resources. Additionally, an object-level access control service is provided through a flexible API. Applications can use these generic access control mechanisms and map them to many use cases.
A configurable invitation mechanism is provided, with single-user and bulk invites, customizable invitation templates, motives for invitation, and actions triggered on invitation acceptance.
Authentication & Access-Control — Background
Security is a central requirement in any application and software system. Users need to be authenticated and their credentials checked for validity to make sure that privacy, access rules, and ownership of resources are protected. In distributed micro-service environments, this is best achieved by having a central authority, a Single Sign-On Gateway, that handles all the complexities of authentication and manages user identity, group membership, and network connections in a safe way.
OAuth2 is by far the most widely used security protocol for achieving distributed authentication and access control, providing a security framework on which different use cases can be built.
Security also requires applications to have easy ways to express access control rules, with different approaches needed for different use cases. Role- and permission-based access control and explicit access control lists are common approaches for this. Group membership, organization structure, and networks of connections further add to the complexity.
Growing the user pool of an application is a quintessential element of any successful product. This can be achieved by using viral mechanisms, where users invite others to join, out of a need to collaborate or sheer enthusiasm about the product.