Identity Management

Cloud(ed) Judgment: OneLogin’s Breach Continues to Fuel the Security Debate

By | Date posted: June 26, 2017

When it comes to the next big data breach, it’s never a matter of if, but a discussion of when.

This time, the target was identity and access management firm OneLogin, which recently shut down its U.S. data center due to compromised Amazon Web Services (AWS) keys. With the company serving more than 2,000 enterprises across 44 countries, the incident has been referred to as a “massive leak” and once again raised questions about cloud security.

As we continue to learn, everything that the cloud represents is great… until it’s not.
Read more

API Identity Management with LDAP Server

By | Date posted: February 24, 2014

Most corporations deploy LDAP severs such as OpenLDAP to store identities used for SSO and API identity management.   Application users authenticate against these LDAP servers to gain access to APIs.  To avoid an intrusive, non-scalable agent-based model — where every application installs and manages an agent for authentication and authorization — enterprises generally opt to simplify to a centralized model by deploying API gateways.  In this tutorial, you will learn how to use an LDAP server along with Forum Sentry API Gateway to enable access control of your APIs.

Read more

Using HTTP Basic Auth for API Identity Management

By | Date posted: February 17, 2014

APIs are proliferating corporate networks.  Business owners seek APIs that solve their requirements regardless of whether the APIs are homegrown or provided by 3rd party cloud providers.  In both cases — internal and external APIs — controls have to be enforced on who gets to use what API.  API control requires enabling Identity Management for APIs. In this tutorial, we will use Forum Sentry to lockdown an external API with on-board users, groups and ACLs with simple point-and-click, code-free configuration.

Read more

Users, Groups and ACLs for API Identity Management

By | Date posted: February 10, 2014

Identity management is the cornerstone for building a secure infrastructure that uses internal and 3rd party APIs.  By defining users, groups, and access control lists (ACLs), companies can granularly control who gets to use what API-based resource.  In this tutorial, we will configure users, groups and ACLs on Forum Sentry API Gateway for authenticating users and authorizing API access.   Once configured, any token type such as OAuth, SAML, or cookies can be used to present user credentials to Forum Sentry for validation against on-board users.

Read more