Mission Critical Authentication
and Authorization

Enterprise UMA

As a profile of OAuth 2.0 that is complementary to OpenID Connect, UMA defines RESTful, JSON-based, standardized flows and constructs for coordinating the protection of any API or web resource. The Gluu Server acts as an UMA authorization server (AS) and provides an interface for scripting your organization’s unique policies for web access management.

How it works:

  1. Deploy a Gluu Server or OX.

  2. Protect your application with UMA RS or client code.

  3. Define Scopes in oxTrust.

  4. Create and associate resource sets with scopes.

  5. Create and associate policies with scopes.

Use Cases

Enterprise Web Access Management

Controlling who can get to what websites has been an important objective for organizations for more than a decade. Previous WAM solutions were based on proprietary software and processes.

Stepped Up Authentication

Certain parts of a website might require stronger authentication. UMA gives organizations the ability to define a minimum type of authentication that’s needed to access a certain website or even a part of the website.

API Access Management

OAuth 2 requires companies to issue client ID’s and passwords to partners. UMA enables organizations to define which clients can access which API’s or even which functions within an API.

Learn more about UMA.

Technological Underpinnings