Applications Overview

We define application as a Client and Service.

Client can be understood either as an OAuth 2.0 Client or as a SAML Service Provider.

Client applications consume tokens and assertions issued by SecureAuth platform. Applications may use tokens for user authentication or service consumption.

Essentially, the whole set of services in a SecureAuth Workspace constitutes the OAuth 2.0 Resource Server. It recognizes that such a server can expose a large number of APIs grouped into particular services, and consequently represents this in the Workspace in order to allow for more fine-grained access control.

To align with the application architecture, simplify management, and make it more intuitive for client application developers, scopes and APIs are associated with services.

Microservices are also represented as services within a Workspace. These services have their own identity that is used to perform access control within distributed application. The internal microservices may not be part of the resource server as while communicating between each other they don't use access tokens issued by the Workspace authorization server.

Depending on the client application type, different settings are applied by default.

With SecureAuth platform, you can:

SAML SSO login and metadata endpoints are exposed for SAML applications, with their resources protected by enforcing assigned policies, such as MFA requirements for users.