IAMaaS
Cloudentify™ Cloud Identity for Managed Service Providers and Cloud Service Providers
Cloudentify Identity Platform-as-a-Service is a multi-tenanted cloud identity platform for Managed Service Providers (MSPs) and Cloud Service Providers (CSPs). Cloudentify is designed for you to deploy in your own datacenter and operate using your own tools.
Reliable and Scalable
Cloudentify is a three-tiered system architected using proven cloud application techniques to make it reliable, scalable, and efficient. Cloudentify’s built-in cluster management lets you easily scale out the API tier to accommodate increased demand. Built-in data replication lets you scale out the data tier to provide redundancy and reduced latency.
Easy to Deploy and Configure
Cloudentify uses Docker container technology to simplify initial deployment, tenant onboarding, and scale-out scenarios. Deploying Cloudentify can be as simple as running a single shell script on a machine running Docker Engine. Onboarding a new tenant or distributing a tenant’s directory to another datacenter can be accomplished with one or two API calls.
Easy to Integrate
Cloudentify uses popular industry-standard APIs such as OAuth 2, OpenID Connect, and OData, making it suitable both as an IDaaS platform and as comprehensive identity infrastructure for your own cloud applications. Most application platforms provide built-in support for these protocols. And because everything in Cloudentify is API-driven, you don’t have to work around existing web user interface components.
Easy to Operate
All of the Cloudentify components generate detailed log messages that are easily consumed by log monitoring and aggregation tools, providing clear insight into system health and performance. Cloudentify uses industry standard log formats to make integration with monitoring tools easy.
CSP and Tenant Web Portals
Cloudentify includes easy-to-use web portals for the CSP as well as for tenant administrators and end users. CSP administrators can perform administrative operations either through the web portal or through RESTful command-line tools like curl or PowerShell. Tenant administrators can use their web portal
Multi-tenant Directory Services
At the core of Cloudentify is a multi-tenant directory based on ViewDS’s mature and proven directory server technology. It provides advanced indexing and caching capabilities to ensure high performance and low resource utilization.
Extensible schema
Each tenant in Cloudentify has a separately configurable schema. Tenant administrators can add new entity types, extend existing entity types, and define relationships between them. This allows each tenant to configure the directory to suit their own organizational and application needs.
OData Graph API
Cloudentify exposes directory content through the standard OData API. OData is a RESTful API that allows sophisticated queries and efficient navigation through the directory graph. Many web platforms and tools provide support for OData.
Attribute-based and role-based access control
Access to the Cloudentify directory is controlled through attribute-based access control (ABAC) and role-based access control (RBAC) policies. Administrators can define access policies based on attributes of users and resources. They can also define their own roles and role hierarchies.
Replicated and Distributed
The Cloudentify object store can be replicated on a tenant-by-tenant basis, allowing the operator to provide redundancy and increased throughput, and to control the location of sensitive identity data.
Authentication Services
Cloudentify provides each tenant with a wide range of individually configured authentication services that provide for single sign-on and easy application integration.
OpenID Connect authentication
Interactive authentication to Cloudentify is done using the OpenID Connect (OIDC) standard. OIDC supports secure authentication using a browser or external program. Users that authenticate using OIDC can then get single sign-on services to registered applications as well as external SAML service providers.
Social Login
Each tenant can configure authentication using popular social login providers such as Google, Twitter, Facebook, and LinkedIn.
SAML Identity Provider
Each tenant can configure one or more SAML identity providers to allow for single sign-on to external SAML-based applications such as cloud SaaS applications. Users who authenticate to Cloudentify, either through OIDC or externally through another SAML IdP, can then get single sign-on to relying applications.
SAML Service Provider
Each tenant can configure Cloudentify to act as a SAML service provider that takes advantage of an external SAML IdP. With this configuration, users can authenticate using their on-premises Active Directory and a federation service such as Active Directory Federation Services (ADFS).
Two-factor authentication
Each tenant can configure the use of two-factor authentication for specific applications using Google Authenticator.
Certificate-based authentication
Tenant administrators can also configure certificate-based authentication using locally stored certificates or smart cards.
Authorization Services
Cloudentify also provides tenant-configured authorization services for end-users and applications using industry standard protocols.
OAuth 2 Authorization
Applications integrated with Cloudentify can take advantage of either OAuth 2 consent-based authorization (the user explicitly grants an application access to their details) or consent-assumed authorization (no user interaction required).
Externalized Attribute-based and Role-based Authorization (ABAC and RBAC)
Cloudentify provides each tenant with an authorization endpoint that supports the REST/JSON request profile of the Extensible Access Control Markup Language (XACML) standard. Cloudentify can store and evaluate both attribute-based and role-based access control policies in response to application requests. This allows CSPs and tenants to externalize authorization policy from their applications and leverage a common set of policies and attributes maintained in Cloudentify. Tenant administrators can define their own roles and role hierarchies to support the needs of their applications.
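An added example, not Cloudentify's own code, showing the shape of a request in the XACML REST/JSON request profile and a toy policy decision point that evaluates a role hierarchy (RBAC) together with a department-match rule (ABAC). The attribute ids, roles and departments are constructed for illustration.

```python
import json

# Constructed role hierarchy (not Cloudentify's own): a role implies every role below it.
ROLE_PARENTS = {"admin": ["manager"], "manager": ["employee"], "employee": []}

def expand_roles(roles):
    """Close a set of roles under the hierarchy, so 'admin' also carries 'manager' and 'employee'."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_PARENTS.get(role, []))
    return seen

def build_request(subject_id, roles, subject_dept, resource_id, resource_dept, action):
    """Build a body in the XACML REST/JSON request profile shape (attribute ids are illustrative)."""
    def attrs(pairs):
        return [{"AttributeId": key, "Value": value} for key, value in pairs]
    return {"Request": {
        "AccessSubject": {"Attribute": attrs([("subject-id", subject_id), ("role", roles),
                                               ("department", subject_dept)])},
        "Resource": {"Attribute": attrs([("resource-id", resource_id), ("department", resource_dept)])},
        "Action": {"Attribute": attrs([("action-id", action)])},
    }}

def _category(request, name):
    # Flatten one request category into an {AttributeId: Value} dict.
    return {a["AttributeId"]: a["Value"] for a in request["Request"][name]["Attribute"]}

def evaluate(request):
    """Toy policy decision point returning a XACML JSON profile response (deny-unless-permit)."""
    subject = _category(request, "AccessSubject")
    resource = _category(request, "Resource")
    action = _category(request, "Action")["action-id"]
    roles = expand_roles(subject.get("role", []))
    # RBAC rule: anyone holding 'manager' (directly or via the hierarchy) may read or update.
    rbac_permit = "manager" in roles and action in ("read", "update")
    # ABAC rule: an 'employee' may read only resources in their own department.
    abac_permit = ("employee" in roles and action == "read"
                   and subject.get("department") == resource.get("department"))
    decision = "Permit" if (rbac_permit or abac_permit) else "Deny"
    return {"Response": [{"Decision": decision}]}

def decide(subject_id, roles, subject_dept, resource_id, resource_dept, action):
    """Serialize the request as an application would POST it, evaluate it, and return the decision."""
    wire = json.dumps(build_request(subject_id, roles, subject_dept, resource_id, resource_dept, action))
    return evaluate(json.loads(wire))["Response"][0]["Decision"]
```

The default is Deny, so a new action or an unmatched department fails closed until a policy rule explicitly permits it.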
Provisioning and synchronization services
Cloudentify includes the ability to provision and synchronize identity information between Cloudentify and other identity stores. This allows Cloudentify to act as either the “source of truth” for user identities, or to consume identity information from external systems such as an HR system or on-premises Active Directory.
Using its integrated synchronization engine, Cloudentify can provision and synchronize identity information to and from external systems on a schedule established by the administrator. Cloudentify also supports just-in-time provisioning when acting as a SAML service provider or as a relying party to a social identity provider.