Onegini is a complete solution for managing your customers' authorizations. It provides a comprehensive security token server that integrates with enterprise identity and access management systems based on the latest Web and API security standards such as OAuth 2.0. With Onegini, companies and users can interact by securely sharing data between different applications, and users can approve applications to act on their behalf without sharing passwords.
OAuth is becoming the standard for access management with RESTful APIs. OAuth has the advantage of being lightweight and of offering universal access for web, mobile app or any other third-party application. Unfortunately, OAuth can also be complex to set up, given the number of actors, token formats, transports, management, logging and security mechanisms required. Handling all the user interactions in particular requires a flexible architecture, since the number of devices is growing rapidly.
The Onegini Token Server is a product for managing authorizations of resource access, compliant with the OAuth 2.0 standard. It can easily be plugged in to your current infrastructure and can cooperate with existing authentication services. The key components are:
| Component | Description |
|---|---|
| Core OAuth 2.0 spec compliant authorization server | The core engine of the Onegini OAuth server is responsible for token management. |
| Monitoring and auditing | To keep track of all events and to enable operators to analyze behavior. |
| Management console | For administrators, a complete dashboard is available. |
| Management and user interface API | End-user and management APIs enable you to integrate Onegini functionality into your own systems. |
Protecting APIs against attacks is crucial these days. Onegini provides comprehensive API security and pre-built identity management integration. Onegini protects the APIs by managing tokens and preventing token abuse. Onegini also provides auditing and monitoring capabilities to support enterprises in being compliant.
Onegini is unique because it is a complete solution with a clear focus: protecting your enterprise APIs using OAuth. It can be easily integrated within your IT infrastructure. The software is easy to install and no coding is needed. It is a stateless, scalable engine, including administration and operational consoles.
The core of Onegini is managing and protecting tokens. Long-lived tokens and identity information will be stored encrypted in the database. The database contains access and refresh tokens, including properties such as one-time tokens, expiration date, number of times to be used, scope linking etc. The Onegini architecture is an event-based engine, and all events will be stored in multiple databases. Onegini’s search database enables real-time analysis of token abuse. Onegini supports the latest OAuth 2.0 spec, including the required threat model. Both the spec and threat model will be monitored and applied throughout the lifecycle of the Onegini OAuth server.
Native applications running on mobile devices often pose a security threat since there is a lack of a trusted computing base. Onegini provides a mechanism to uniquely identify devices running native applications. This dynamic client registration process allows a client to register itself with the authorization server. Onegini will dynamically provision a client identifier and a client secret to be used by the client. Because Onegini can uniquely identify the different devices that are interacting with the server, it can properly detect abuse and take appropriate action.
Onegini has an extensive management and end-user API which can be used by your own applications / clients. Onegini supports the following interfaces: