Enterprise UMA


As a profile of OAuth 2.0 that is complementary to OpenID Connect, UMA defines RESTful, JSON-based, standardized flows and constructs for coordinating the protection of any API or web resource.

The Gluu Server acts as an UMA authorization server (AS) and provides an interface for scripting your organization’s unique policies for access management.

How it works:

  1. Deploy a Gluu Server.

  2. Protect your app with UMA RS code.

  3. Define scopes.

  4. Create and associate resource sets with scopes.

  5. Create and associate policies with scopes.

Use Cases


Enterprise Web Access Management

Controlling who can get to what websites has been an important objective for organizations for more than a decade. Previous WAM solutions were based on proprietary software and processes.

Stepped Up Authentication

Certain parts of a website might require stronger authentication. UMA gives organizations the ability to define a minimum type of authentication that’s needed to access a certain website or even a part of the website.

API Access Management

OAuth 2 requires companies to issue client IDs and passwords to partners. UMA enables organizations to define which clients can access which APIs or even which functions within an API.
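Steps 3 to 5 of "How it works", applied to the stepped-up authentication and API access management use cases, as an added Python model (not Gluu code and not its policy-scripting interface). The scope URLs, client IDs, paths and authentication levels are constructed, and the rule that every policy attached to a scope must pass is an assumption of this sketch.

```python
from dataclasses import dataclass

# Constructed sample values: authentication levels, clients, scopes, paths.
ACR_LEVEL = {"password": 1, "otp": 2}
VIEW = "https://rs.example/scopes/view"
MANAGE = "https://rs.example/scopes/manage"

@dataclass(frozen=True)
class Request:
    client_id: str  # OAuth client making the call
    acr: str        # authentication method the user completed
    path: str       # protected resource being requested
    scope: str      # scope needed for the operation

def min_acr(required):
    """Policy: the user must have authenticated at least this strongly."""
    def check(req):
        ok = ACR_LEVEL.get(req.acr, 0) >= ACR_LEVEL[required]
        return None if ok else f"step-up to {required} required"
    return check

def client_in(allowed):
    """Policy: only listed clients may obtain the scope."""
    def check(req):
        return None if req.client_id in allowed else "client not allowed"
    return check

# Step 3 and step 5: scopes, each with the policies attached to it.
SCOPE_POLICIES = {
    VIEW: [client_in({"partner-a", "partner-b"})],
    MANAGE: [client_in({"partner-a"}), min_acr("otp")],
}
# Step 4: resource sets and the scopes associated with them.
RESOURCE_SETS = {"/api/reports": {VIEW}, "/api/payments": {VIEW, MANAGE}}

def authorize(req):
    """Return (granted, reason); anything not explicitly allowed is denied."""
    scopes = RESOURCE_SETS.get(req.path)
    if scopes is None:
        return False, "unknown resource set"
    if req.scope not in scopes:
        return False, "scope not registered for resource set"
    policies = SCOPE_POLICIES.get(req.scope)
    if not policies:
        return False, "no policy attached to scope"
    for policy in policies:
        reason = policy(req)
        if reason:
            return False, reason
    return True, "granted"
```

The denial reason distinguishes a request that can succeed after stronger authentication from one that the client is never permitted to make.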


Technological Underpinnings