A robust identity solution must be built on a solid foundation.
The architecture of idaas.nl is characterized by scalability and flexibility. It is a cloud native design ready to scale out and prepared for future use cases.
A major architectural component is the federation layer. This layer provides single sign-on and token verification capabilities.
The federation layer supports OAuth 2.0, OpenID Connect 1.0 and SAML 2.0.
Idaas.nl is not simply a wrapper around a few federation protocols. Because the core of this layer has abstracted away from individual protocols, support for future and legacy protocols can be easily introduced.
How and when to authenticate depends on your organization's policies, user preferences and context.
While historically it was sufficient to authenticate users with username and password verification, nowadays two-factor authentication is the de facto standard. In fact, more and more organizations are moving towards passwordless authentication, for example with FIDO.
Constantly changing requirements demand a flexible authentication framework. The idaas.nl solution allows chaining authentication modules together in order to provide an adaptive authentication experience, enforcing security controls while providing the best user experience.
Another benefit is that this method allows you to use your own domain names, without the need for registering extra DNS records.
It is possible to log in with the default login screen, your own UI server or via a popup.
Serverless for user scripting
Using out-of-the-box functionality from off-the-shelf software should be preferred. But a toolbox should not restrict your organization in providing value to your customers.
idaas.nl allows plugging in scripts into the authentication flow.
Each authentication module maintains its own session storage. This allows differentiating how long each authentication result should be remembered.
Each module allows configuring whether to remember its result in a session, a cookie, or not at all.
An access token is a JWT, yet it can still be used as a regular OAuth access token: you can introspect and revoke these tokens.
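What a revocable JWT means for a resource server, shown as an added example (not idaas.nl code): a token that still passes local signature and expiry checks can already be revoked, so only introspection reflects its current state. The HS256 shared key, the in-memory revocation set and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed key; sharing it with the API is a simplification
REVOKED = set()                # jti values revoked at the authorization server

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub: str, jti: str, ttl: int = 300) -> str:
    """Authorization server: mint an HS256-signed JWT access token."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": sub, "jti": jti, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64e(sig)}"

def verify_locally(token: str):
    """Resource server, offline: checks alg, signature and expiry, never revocation."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        expected = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return None
        payload = json.loads(b64d(claims))
        return payload if payload.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON

def introspect(token: str) -> dict:
    """Authorization server: RFC 7662 style answer that also honours revocation."""
    payload = verify_locally(token)
    if payload is None or payload.get("jti") in REVOKED:
        return {"active": False}
    return {"active": True, "sub": payload["sub"], "exp": payload["exp"]}

def revoke(token: str) -> None:
    """Authorization server: record the token's jti so introspection rejects it."""
    payload = verify_locally(token)
    if payload is not None:
        REVOKED.add(payload["jti"])

if __name__ == "__main__":
    token = issue("alice", "id-1")
    revoke(token)
    print("local check still accepts:", verify_locally(token) is not None)
    print("introspection says:", introspect(token))
```

A resource server that needs revocation to take effect before `exp` has to call introspection (or keep token lifetimes short); local validation alone cannot see it.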