Applications and authentication
For now, let's focus on identity to mean a user. When a user accesses an application, the application must be able to know who the user is. This process of identifying a user is called authentication.
Applications registered with Smart API Manager are called Smart Clients.
A Smart Client must request an access token in order to call a Smart API. The first step in this flow is to authenticate the identity (user) making the request. The request is made by calling the authorization server delivered with Smart API Manager. The authorization server is an OpenID Connect provider, based on OAuth 2.0. Details on how a Smart Client specifies a particular identity provider is a software development concern. You can find more information in Authorizing requests to Smart APIs.
The information provided here is related to the system administration of identity
providers. If identity providers are not configured properly, software developers
are not able to use them properly.
Smart API Manager as an identity provider
As an identity provider, Smart API Manager supports authentication against its own local store of users, accessible via the Users feature.
External identity providers
Smart API Manager also supports authentication using identities from other, external identity providers. When you map an identity from an external identity provider, the goal is to let the external identity provider manage collecting credentials and providing authentication. The user may be redirected to the identity provider’s login screen to enter a username and password, or the whole process may be automated, as happens when using the Integrated Windows Authentication (IWA) identity provider.
Preconfigured external identity providers
Smart API Manager is preconfigured to work with the following external identity providers:
However, preconfigured does not mean complete. There are some steps you have to take
to complete the configuration. Click a link above for instructions.
Other external identity providers
If you need to use an external identity provider that is not listed above, start with Add an identity provider.
Administration
If you must make changes to an external identity provider configuration, see one of the other topics in this section: