Explore Gateway’s IAM Topology

The numbered points below correspond to the circles in the topology diagram.
1. Clients are granted administrative access to the Gateway's management console, the Gateway Manager. From the Gateway Manager, clients manage their complete Gateway deployment, including:
  1. Managing Identity Stores within the IDM system
  2. Managing Protected Resources (web applications) within the Access Management system
  3. Defining policies for authentication, authorization, access control, and user provisioning
  4. Configuring Self Service applications
  5. Other administrative functions
2. Your engineers and administrators continue to manage your web applications and identity repositories as they normally would, except that those applications no longer need embedded security logic, custom authentication code, or stove-piped security development. Your technical staff can focus on the business logic of these systems.
3. Your end users have access to Self Service applications such as Self Registration and Password Reset. Through Self Registration, a user can initiate the process of acquiring an account on the Gateway. Your Self Registration policies, configured beforehand in the Gateway Manager, govern who is allowed to register, under what circumstances, what data is collected, whether human approval is required, and more.
4. Users sign on (authenticate) to the Gateway to reach any of your Protected Resources (web applications). The Gateway supports numerous authentication mechanisms, including user ID and password, two-factor hardware tokens (such as RSA or Vasco), PKI certificates, and smart cards. After authentication the Gateway establishes a session and lets the user reach every application they are authorized to use without logging in again, which gives your users a Single Sign-On (SSO) experience. You may also attach policies to specific applications, or to components of an application, that force a user to re-authenticate, or to authenticate with a stronger mechanism, even though they are already logged in.
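The following is an added example, not code from the Gateway or from this page, showing how the decision just described can be made: a session records which authentication methods the user has completed and when, and each protected resource (or component) carries a policy with a minimum assurance level and an optional freshness limit. The ranking password < hardware token < PKI, the policy fields, and the resource names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Level ranks authentication methods by assurance. The ranking is an assumption
// of this example; the page lists the mechanisms without ordering them.
type Level int

const (
	Password Level = iota + 1 // user ID and password
	Token                     // two-factor hardware token (RSA, Vasco)
	PKI                       // PKI certificate or smart card
)

// Session is what the SSO layer keeps for a signed-on user: every method the
// user has completed in this session and when each was last completed.
type Session struct {
	User      string
	Completed map[Level]time.Time
}

// Policy is attached to a protected resource, or to one component of it.
type Policy struct {
	MinLevel Level         // weakest acceptable method
	MaxAge   time.Duration // 0: any age is fine; otherwise the qualifying method must be this fresh
}

type Decision string

const (
	Allow  Decision = "allow"
	Login  Decision = "login"           // no session at all
	StepUp Decision = "step-up"         // nothing at MinLevel or above has been completed
	ReAuth Decision = "re-authenticate" // strong enough, but completed too long ago for this resource
)

func NewSession(user string, l Level, at time.Time) *Session {
	return &Session{User: user, Completed: map[Level]time.Time{l: at}}
}

// Authenticate records that the user completed method l at time at. A step-up
// adds a stronger method; a re-authentication refreshes an existing one.
func (s *Session) Authenticate(l Level, at time.Time) { s.Completed[l] = at }

// Evaluate decides what has to happen before a resource governed by p is served.
// Only methods at or above p.MinLevel count, and the most recent of them decides
// freshness, so a fresh PKI login satisfies a policy that asks for a fresh token.
func Evaluate(s *Session, p Policy, now time.Time) Decision {
	if s == nil {
		return Login
	}
	var newest time.Time
	qualifying := false
	for l, at := range s.Completed {
		if l >= p.MinLevel {
			qualifying = true
			if at.After(newest) {
				newest = at
			}
		}
	}
	if !qualifying {
		return StepUp
	}
	if p.MaxAge > 0 && now.Sub(newest) > p.MaxAge {
		return ReAuth
	}
	return Allow
}

func main() {
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	portal := Policy{MinLevel: Password}                        // ordinary SSO resource
	payroll := Policy{MinLevel: Token, MaxAge: 5 * time.Minute} // sensitive component: strong and fresh

	s := NewSession("alice", Password, t0)
	fmt.Println(Evaluate(s, portal, t0.Add(time.Hour)))       // allow: single sign-on, no second login
	fmt.Println(Evaluate(s, payroll, t0.Add(time.Hour)))      // step-up: a password is not enough
	s.Authenticate(Token, t0.Add(time.Hour))
	fmt.Println(Evaluate(s, payroll, t0.Add(61*time.Minute))) // allow
	fmt.Println(Evaluate(s, payroll, t0.Add(70*time.Minute))) // re-authenticate: the token login is stale
	fmt.Println(Evaluate(s, portal, t0.Add(24*time.Hour)))    // allow: the portal has no freshness rule
}
```

A real gateway also applies a global session lifetime and an idle timeout on top of per-resource policies; MaxAge of 0 here means "defer to those", not "valid forever". Keeping the timestamp per method, rather than one timestamp per session, is what lets a policy demand a fresh strong login without invalidating the rest of the SSO session.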
5. As users request pages within your web applications, the Gateway proxies those requests to your datacenter over a mutually authenticated TLS (SSL) link: each end presents a PKI certificate and verifies the other's. Because both the Gateway and your datacenter have authenticated each other, each can trust that the traffic on the link comes from the other and not from an impostor.
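As an added illustration, not the Gateway's own code, the following Go program sets up the kind of mutually authenticated link described in point 5 entirely in memory: a demo CA issues a server certificate to the "datacenter" side and a client certificate to the "gateway" side, the server is configured to require and verify a client certificate, and three connections show what each side enforces. The CA, the names, the two-byte reply and the EKU split are assumptions made for the example; the rejection behaviour is that of Go's crypto/tls.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

func must(err error) { // demo set-up scaffolding, not part of the proxy logic
	if err != nil {
		panic(err)
	}
}

// issue generates a P-256 key and a one-hour certificate for name: a self-signed
// CA when parent is nil, otherwise a leaf signed by parent with the given EKU.
func issue(name string, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name}, // the SAN a peer matches against its expected ServerName
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           eku,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// StartServer runs the datacenter-side endpoint with a CA-issued certificate; any
// client without a certificate from that CA is refused. It returns the address, the
// trusted pool, the Gateway's client credential and a stop function.
func StartServer() (addr string, roots *x509.CertPool, client tls.Certificate, stop func()) {
	ca, caKey := issue("demo-ca", nil, nil, nil)
	srv, srvKey := issue("datacenter", []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ca, caKey)
	cli, cliKey := issue("gateway", []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // mutual authentication, not merely server authentication
		ClientCAs:    roots,
	})
	must(err)
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			if c.(*tls.Conn).Handshake() == nil { // the client certificate is verified in here
				c.Write([]byte("ok"))
			}
			c.Close()
		}
	}()
	client = tls.Certificate{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}
	return ln.Addr().String(), roots, client, func() { ln.Close() }
}

// Dial connects as the Gateway would: the server chain and its "datacenter" SAN
// are checked against roots, and cert, when non-nil, is presented. Returns the reply.
func Dial(addr string, roots *x509.CertPool, cert *tls.Certificate) (string, error) {
	cfg := &tls.Config{RootCAs: roots, ServerName: "datacenter"}
	if cert != nil {
		cfg.Certificates = []tls.Certificate{*cert}
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	// Under TLS 1.3 a rejected client certificate surfaces on the first read, not from tls.Dial.
	buf := make([]byte, 2)
	if _, err := io.ReadFull(conn, buf); err != nil {
		return "", err
	}
	return string(buf), nil
}

func main() {
	addr, roots, client, stop := StartServer()
	defer stop()
	fmt.Println(Dial(addr, roots, &client))              // ok <nil>
	fmt.Println(Dial(addr, roots, nil))                  // "" and a rejection error: no client certificate
	fmt.Println(Dial(addr, x509.NewCertPool(), &client)) // "" and an error: server CA not trusted
}
```

Two points carry over to a production link: the datacenter side must require and verify the client certificate against a pool containing only the CA that issues the Gateway's certificate (trusting a public CA would let any of that CA's customers connect), and the client must pin the server's expected name rather than disabling verification. Note also that with TLS 1.3 the client's handshake call returns before the server has judged its certificate, so a client that only checks the dial result can mistake a rejected connection for an open one.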
6. The Gateway's Identity Management (IDM) system keeps identity data timely and accurate across your repositories. Over an IPsec VPN connection, the Gateway's agentless IDM system monitors every repository in your identity ecosystem in real time. As changes occur, your provisioning policies dictate how the system synchronizes, transforms, provisions, and de-provisions identity data, both within the Gateway and in your datacenter-resident identity stores such as Active Directory, PeopleSoft, databases, and LDAP directories.
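An added example, not the Gateway's IDM implementation, of what a provisioning policy has to decide on each synchronization pass: given an authoritative source (an HR feed here) and the accounts currently in a target store, derive the target attributes, create accounts for new active people, update changed ones, and disable accounts for people who have become inactive or have vanished from the source. The record layout, the login and mail naming convention, the example.com domain and the disable-rather-than-delete rule are assumptions made for the example, and the data set is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Person is a record from the authoritative source (an HR system here).
type Person struct {
	ID     string // employee number: the join key across all stores
	First  string
	Last   string
	Dept   string
	Active bool
}

// Account is what the target store (a directory, say) holds for a person.
type Account struct {
	ID       string
	Login    string
	Mail     string
	Dept     string
	Disabled bool
}

// transform is the attribute-mapping half of a provisioning policy: it derives
// the account a person should have. The naming rule is an assumption.
func transform(p Person) Account {
	initial := ""
	for _, r := range p.First { // first rune only, safe for non-ASCII names
		initial = string(r)
		break
	}
	login := strings.ToLower(initial + p.Last)
	return Account{ID: p.ID, Login: login, Mail: login + "@example.com", Dept: p.Dept, Disabled: !p.Active}
}

// Action is one operation the synchronizer must apply to the target store.
type Action struct {
	Op      string // "create", "update" or "disable"
	Account Account
}

// Reconcile compares the source with the target and returns the actions that
// bring the target into line, ordered by ID. Departed people (inactive, or gone
// from the source altogether) are disabled rather than deleted, so the account
// stays auditable and its login cannot be recycled by a newcomer.
func Reconcile(source []Person, target []Account) []Action {
	byID := make(map[string]Account, len(target))
	for _, a := range target {
		byID[a.ID] = a
	}
	var actions []Action
	inSource := map[string]bool{}
	for _, p := range source {
		inSource[p.ID] = true
		want := transform(p)
		have, exists := byID[p.ID]
		switch {
		case !exists && want.Disabled: // never provisioned and inactive: nothing to do
		case !exists:
			actions = append(actions, Action{"create", want})
		case want == have: // already in line
		case want.Disabled && !have.Disabled:
			actions = append(actions, Action{"disable", want})
		default:
			actions = append(actions, Action{"update", want})
		}
	}
	for _, a := range target { // accounts with no source record at all
		if !inSource[a.ID] && !a.Disabled {
			a.Disabled = true
			actions = append(actions, Action{"disable", a})
		}
	}
	sort.Slice(actions, func(i, j int) bool { return actions[i].Account.ID < actions[j].Account.ID })
	return actions
}

// SampleRun reconciles a constructed data set: one changed department, one new
// hire, one person marked inactive, one account with no source record, and one
// already-disabled orphan that needs nothing.
func SampleRun() []Action {
	source := []Person{
		{"1001", "Alice", "Liddell", "Treasury", true}, // moved from Finance
		{"1002", "Bob", "Hatter", "Sales", true},       // new hire
		{"1003", "Carol", "March", "Sales", false},     // left this week
	}
	target := []Account{
		{"1001", "aliddell", "aliddell@example.com", "Finance", false},
		{"1003", "cmarch", "cmarch@example.com", "Sales", false},
		{"1004", "ddodo", "ddodo@example.com", "IT", false},    // no HR record any more
		{"1005", "erabbit", "erabbit@example.com", "IT", true}, // orphan, already disabled
	}
	return Reconcile(source, target)
}

func main() {
	for _, a := range SampleRun() {
		fmt.Printf("%-7s %+v\n", a.Op, a.Account)
	}
}
```

The two de-provisioning paths matter most from a security standpoint: an account whose owner is flagged inactive and an account whose owner has silently disappeared from the source both end up disabled on the next pass, which is the "timely" property the paragraph above is about. In practice the join key must be an immutable identifier (employee number), never a name or login, or a renamed user is de-provisioned and re-created under a new identity.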
7. Federated partners, such as vendors, suppliers, clients, or business partners, can be authenticated by the Gateway without being asked to authenticate again. The Gateway's support for open-standard Federated Single Sign-On (FSSO) technologies such as Security Assertion Markup Language (SAML) allows business partners to authenticate and gain access to your applications, always subject to the policies you define. Likewise, the Gateway's FSSO capabilities allow your native users (those within your organization) to authenticate seamlessly to third-party applications.
8. While many of your application requests originate from users with web browsers, many organizations, especially those embracing Service Oriented Architecture (SOA) and web technologies, expose web services or other machine interfaces. For those organizations, the Gateway is fully capable of authenticating, authorizing, and auditing machine clients such as web services (via the WS-Security standard for SOAP), Java Message Service (JMS), Message Queue (MQ), File Transfer Protocol (FTP), and many others.
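The WS-Security UsernameToken is the simplest of the machine-client credentials mentioned above, so here is an added example, not code from the Gateway, of issuing and checking one with a PasswordDigest as defined by the WS-Security UsernameToken Profile: Base64(SHA-1(nonce + Created + password)), where the nonce is the decoded octets. The verifier bounds the Created timestamp and remembers accepted nonces so a captured token cannot be replayed. The service name, the password, the 16-byte nonce, the five-minute window and the in-memory nonce cache are assumptions of the example; the SOAP envelope around the token is not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// UsernameToken carries the fields of a wsse:UsernameToken whose Password is of
// type PasswordDigest (WS-Security UsernameToken Profile).
type UsernameToken struct {
	Username string
	Digest   string // Base64( SHA-1( nonce octets + Created + password ) )
	Nonce    string // Base64 of random octets, fresh for every message
	Created  string // xs:dateTime in UTC, e.g. 2024-01-01T09:00:00Z
}

// passwordDigest is the profile's formula; nonce is the decoded octets, not the Base64 text.
func passwordDigest(nonce []byte, created, password string) string {
	h := sha1.New()
	h.Write(nonce)
	h.Write([]byte(created))
	h.Write([]byte(password))
	return base64.StdEncoding.EncodeToString(h.Sum(nil))
}

// NewToken builds the token a SOAP client places in its wsse:Security header.
func NewToken(user, password string, now time.Time) (UsernameToken, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return UsernameToken{}, err
	}
	created := now.UTC().Format(time.RFC3339)
	return UsernameToken{
		Username: user,
		Nonce:    base64.StdEncoding.EncodeToString(nonce),
		Created:  created,
		Digest:   passwordDigest(nonce, created, password),
	}, nil
}

// Verifier is the gateway side. It must know each machine client's password,
// bounds how far Created may drift from its own clock, and remembers the nonces
// accepted inside that window so a captured token cannot be replayed.
type Verifier struct {
	passwords map[string]string
	maxSkew   time.Duration
	seen      map[string]time.Time // nonce -> Created
}

func NewVerifier(passwords map[string]string, maxSkew time.Duration) *Verifier {
	return &Verifier{passwords: passwords, maxSkew: maxSkew, seen: map[string]time.Time{}}
}

// Verify returns nil only for a fresh, unreplayed token whose digest matches.
func (v *Verifier) Verify(t UsernameToken, now time.Time) error {
	for n, c := range v.seen { // forget nonces whose Created has aged out of the window
		if now.Sub(c) > v.maxSkew {
			delete(v.seen, n)
		}
	}
	created, err := time.Parse(time.RFC3339, t.Created)
	if err != nil {
		return errors.New("wsse: malformed Created")
	}
	if d := now.Sub(created); d > v.maxSkew || d < -v.maxSkew {
		return errors.New("wsse: Created outside the accepted clock window")
	}
	nonce, err := base64.StdEncoding.DecodeString(t.Nonce)
	if err != nil || len(nonce) == 0 {
		return errors.New("wsse: malformed Nonce")
	}
	if _, replayed := v.seen[t.Nonce]; replayed {
		return errors.New("wsse: nonce already used")
	}
	// Digest against the stored password (empty for unknown users) before deciding,
	// so the response time does not reveal which user names exist.
	want := passwordDigest(nonce, t.Created, v.passwords[t.Username])
	_, known := v.passwords[t.Username]
	if !known || subtle.ConstantTimeCompare([]byte(want), []byte(t.Digest)) != 1 {
		return errors.New("wsse: authentication failed")
	}
	v.seen[t.Nonce] = created // record only after success, so junk cannot fill the cache
	return nil
}

func main() {
	now := time.Now()
	v := NewVerifier(map[string]string{"orders-svc": "s3cret"}, 5*time.Minute)
	tok, _ := NewToken("orders-svc", "s3cret", now)
	fmt.Println("first use:", v.Verify(tok, now)) // <nil>
	fmt.Println("replayed: ", v.Verify(tok, now)) // wsse: nonce already used
	stale, _ := NewToken("orders-svc", "s3cret", now.Add(-time.Hour))
	fmt.Println("stale:    ", v.Verify(stale, now)) // wsse: Created outside the accepted clock window
}
```

Because the verifier must hold the same password the client uses, PasswordDigest protects against a passive observer learning the password and against naive replay, and nothing more: the token still travels over the same TLS link as everything else, and the nonce cache must be shared, or the clock window kept tight, when more than one verifier instance handles the same clients.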
9. The Gateway's Self Service applications are intended to let users help themselves, but sometimes a call to the Help Desk is unavoidable. For organizations with small or nonexistent help desk services, the Gateway offers an optional, fully integrated, turn-key Level 1 Help Desk in operation 24x7x365. Staffed by U.S. citizens, located in the U.S., and trained specifically for Gateway-related support, it helps meet regulatory requirements for handling sensitive data while removing a logistical burden from many organizations.