WSO2 Identity Server 7.0 boosts developer productivity with new authentication API, visual editor, templates, and enhanced B2B CIAM and API security.
Businesses increasingly compete on their ability to offer exceptional, trusted digital experiences to all users, internally and externally. WSO2 empowers software developers to address this demand with WSO2 Identity Server 7.0, the latest release of WSO2’s widely adopted, open-source identity and access management (IAM) software. Currently, Version 7.0 optimizes the developer experience via a new authentication API for native, in-app, browser-less authentication, a new visual editor that enables side-by-side graphical and code views, and new one-click access to application templates and authentication methods.
“Organizations delivering digital experiences need an IAM solution that enables developers to readily adapt to the evolving needs of the business, customers, and partners,” said Geethika Cooray, vice president and general manager of identity and access management at WSO2. “Our secret sauce has always been to provide developers an awesome experience that maximizes their productivity and flexibility, and WSO2 Identity Server 7.0 takes that to a whole new level.”
WSO2 Identity Server 7.0 supports comprehensive business-to-business (B2B) functionality and financial-grade API security. It also shares the same code base and modern user interface (UI) offered with WSO2 Private Identity Cloud and Asgardeo, WSO2’s identity as a service (IDaaS) solution.
WSO2 will demonstrate the latest features in WSO2 Identity Server 7.0, WSO2 Private Identity Cloud, and Asgardeo at the Gartner Identity & Access Management Summit in London, United Kingdom, which runs March 4-5, 2024. A premier sponsor, WSO2, will be located at Booth 105 in the InterContinental Hotel London, where the Gartner event will be hosted.
Enhancing Developers’ Experiences
Version 7.0 builds on the proven capabilities of WSO2 Identity Server, which manages more than 1 billion identities worldwide. The uniquely extensible, API-driven, developer-friendly product enables developers to harness the power of IAM without being security experts. It incorporates the ability to federate, authenticate and manage identities; bridge across heterogeneous identity protocols; and secure access to web and mobile applications and API-based endpoints. Now it offers several new capabilities designed to enhance developers’ experiences.
The new authentication API for app-native, browser-less authentication lets developers create in-app login flows instead of redirecting to a browser—optimizing the user experience without compromising security. The API supports orchestrating authentication conditionally based on risk factors, user/access context, and other considerations without changing the app logic. Additionally, it enables using OAuth 2.0 and OpenID Connect flows without browser support, guarantees a client’s identity and proof of possession, and only communicates with legitimate client apps.
A new visual editor offers side-by-side graphical and code views. So, as developers are building an app, they can now witness the login journey as the user does while also seeing the underlying code, helping to improve the quality and speed of development.
Multiple new app templates and authentication methods are now available to developers via one-click access. Developers can click to select one of the templates for typical application types—such as web, mobile, or single-page—or choose authentication methods, such as a one-time password, trusted token provider, or third-party authentication from Facebook, Google, or Microsoft.
Comprehensive B2B Support
WSO2 Identity Server 7.0 now extends beyond extensive business-to-consumer (B2C) customer IAM (CIAM) and workforce IAM capabilities to offer the industry’s most comprehensive B2B CIAM support. Surpassing the limited organization management of other IAM products, the WSO2 Identity Server provides the flexibility to:
- Easily onboard the organization’s enterprise customers and their consumers to their apps/platform, including optionally leveraging their identity provider (IdP).
- Delegate administration to enterprise customers, empowering them to design and manage their environments.
- Flexibly manage complex, multi-level organization hierarchies and choose how and where user accounts are stored and managed.
- Support enterprise customers’ entire B2B app portfolio, ensuring apps operate consistently and managing who can access them via app subscriptions.
Financial-Grade API Security
WSO2 Identity Server 7.0 also delivers financial-grade API security through new and enhanced features.
- Compliance with FAPI 1.0 Baseline and Advanced profiles facilitates the enforcement of FAPI with client registration, user authorization flows, and token issuance flows for third-party clients.
- Extended OAuth 2.0 Support includes both OAuth 2.0 pushed authorization requests and JWT Secured Authorization Response Mode (JARM) for OAuth 2.0, which covers how responses are signed and encrypted to ensure message integrity.
- Enhanced Role-Based Access Control (RBAC) for API Authorization provides the ability to integrate API resource definitions, effectively connecting identity management and API access. Developers can also easily set up and manage API subscriptions, define and attach roles to APIs, and grant API permissions to roles.
- FIPS 140-2 Certification validates WSO2 Identity Server’s compliance with the Federal Information Processing Standard (FIPS) 140-2 covering a cryptographic module’s secure design and implementation.
Unified IAM Experience
With version 7.0, the WSO2 Identity Server now shares the same code base and UI as the WSO2 Private Identity Cloud and Asgardeo IDaaS. So, WSO2 customers have unprecedented flexibility to migrate between cloud and on-premises deployments as needed seamlessly—and even maintain hybrid environments—all while delivering a consistent, best-in-class user experience (UX) for developers, consumers, and other users.
The shared code means all the developer productivity, financial-grade API security, and B2B CIAM features introduced with WSO2 Identity Server 7.0 are also available in WSO2’s IAM cloud offerings. Additionally, all three WSO2 IAM solutions now feature unified software developer kits (SDKs), boilerplate samples, and documents.