WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

wso2.org 244 views 35 slides May 27, 2024


Slide Content

WSO2's IAM Vision: Identity-Led Digital Transformation
Geethika Cooray
Vice President & General Mgr - IAM, WSO2
1

Digital Transformation…

3
Internal Digital Experiences for Employees
External Digital Experiences for Consumers/Citizens
External Digital Experiences for Enterprise Customers, Partners, Suppliers, API buyers
The shift to digital
[Diagram labels: WEB Apps, Mobile Apps, Workflows, Automations, API Products, IoT Apps]
The shift to Identity-Led digital Experiences
[Diagram labels: Experiences, LLM, B2C/G2C CIAM, B2E IAM, B2B CIAM, Experience APIs, Domain APIs, Domain Services, Systems of Record, API Access Mgt]
3

Need to reimagine Access Management…

Neuralink Metaverse AI

Identity-led Digital Transformation…

7
Benefits of Identity-led Digital Transformation

B2C/G2C
●Self-service and social-login
●Digital IDV, Progressive profiling, Consent Mgt
●Passwordless, Adaptive MFA
●Seamless Omni-Channel & personalized Experiences
Increased conversion & retention, loyalty & revenue

B2B
●Organization Mgt, Delegated Administration, user roles/entitlements
●Faster and easier customer/partner onboarding
●Friction-less and Improved end-user experience
Reduces overheads, increases time to market and revenue potential

B2E
●SSO, MFA, BYOID, Passkeys, etc.
●Reduced friction at login, resulting in improved security posture
Improves employee productivity and overall employee sentiment

APIs
●OAuth 2.0/OIDC compliance
●Consent-, role- and context-based authorization
Improves overall security posture and reduces risk

Access Management
Customer IAM, Workforce IAM, API Access Mgt

All Users Deserve Seamless and Secure Digital Experiences
Identity and Access Management is fundamental to ensuring a secure, frictionless experience for consumers, business partners or employees.
8

9
Multiple Deployment Options to Support Any IT Strategy
The Leading Open Source IAM
WSO2 Identity Server is a powerful, modern identity and access management solution for your on-premises or cloud environment
Multi-tenant SaaS IAM
Asgardeo is a developer-focused, multi-tenant IDaaS solution that provides seamless, secure authentication and user management
Single-tenant SaaS IAM
Private Identity Cloud is a single-tenant cloud identity solution, fully managed and maintained by WSO2

Latest improvements…

Optimized Developer Experience
Improved UI/UX
11

Optimized Developer Experience
Out-of-the-box Application Templates
12

Optimized Developer Experience
More authentication methods to choose from
13

Optimized Developer Experience
Low-code/No-code visual editor - Preview users’ login experience


14

Optimized Developer Experience
Simplified Branding experience


15

Optimized Developer Experience
Optimized API Authorization for Organizations through native scopes


16

Optimized Developer Experience
API for In-App Authentication


OLD USER EXPERIENCE
An external browser window is required to handle logging into the app

NEW USER EXPERIENCE
User never leaves the native application while logging in

●Orchestrate authentication conditionally without changing the application logic
●Use OAuth 2.0/OpenID Connect flows without the need for browser support
●Guarantees the identity and proof of possession of the client, so the API only communicates with legitimate client apps
17

B2B CIAM capabilities
●Configure login experiences per
organization.
●Including branding per organization.
●Maintain organization hierarchy.
●Delegated Administration.
18

Support for Financial-Grade APIs (FAPI)
First-class compliance with FAPI 1.0 and security for high-value APIs with OAuth 2.0


●Facilitates enforcing FAPI at client registration, user authorization flows, and token issuance flows for third party clients.
●Supports OAuth 2.0 Pushed Authorization Requests
●Supports Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
19

Supporting Post Quantum Safe Cryptography
●Post-quantum secure mode can be enabled in IS 7.0 with a few steps
●Post-quantum secure mode will provide support for PQS TLS in inbound communications, more secure internal encryption and hashing.
20

Feature drop…

Unified IAM experience across all WSO2 IAM products
●A single open source code base across
self-hosted, SaaS or private cloud
●Feature parity and consistent experience
○Developer experience
○User experience
○SDKs, templates, and docs
●Supports customers wherever they are in their
journey to cloud with common experience
○Simplifies transition from software to cloud
22

AI-assisted features
23

AI assisted branding
24

AI assisted login flow generator
25

High-level Roadmap

Registration Orchestration
Low-code/No-code visual editor - Preview users’ registration experience



27

3rd Party Integrations
28

29
FAPI 2.0 - Securing high-value APIs
OAuth 2.0 Rich Authorization Requests (RAR)
DPoP
Grant Management

30
For First-party apps
●Focussed on
⦿Terms of Services
⦿Privacy policy and Cookie policy
●Enhanced by
⦿OAuth 2.0 - Scopes
⦿OAuth 2.0 - RAR
For 3rd party apps
●Focussed on
⦿Coarse-grained Authz
⦿Fine-grained Authz
⦿User-managed consent
●Enhanced by
⦿Grant Management
Self service across the above
Consent Everywhere!

31
Platform & architectural improvements
Eventing & Extension Support
Upgrade vs Migration
Java 21 support
Improving operational efficiency of the identity platform

32

IAM is a journey…
33

Question Time!
34

Thank You!
Let’s Connect!