Access management

PassPort provides identity and access management services for AI Suite.

When a user attempts an action that requires authorization (logging on, for example), the product sends a request to PassPort through the API. PassPort approves or denies the request and responds, so that the user is either allowed to perform the action or blocked.

InterPlay and Datastore provide fine-grained control over user rights. They publish resources on which the administrator can choose whether to authorize actions under specific conditions. For instance, a user can be entitled to view only data entries that were created by his working group and that have a given status. InterPlay and Datastore also allow user-defined resources to create authorizable properties.
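The conditional right described above (view only entries created by the user's working group that have a given status), as an added example that is not PassPort, InterPlay or Datastore code: a deny-by-default check in Python. The `Rule` class, the resource name `data_entry`, the action names, the statuses and the users are all hypothetical and do not reflect the product's API or policy format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    group: str

@dataclass(frozen=True)
class Entry:
    entry_id: int
    created_by_group: str
    status: str

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule: grants `action` on `resource` only if every condition holds."""
    resource: str
    action: str
    same_group_only: bool = False
    allowed_statuses: frozenset = frozenset()  # empty means any status

    def permits(self, user, resource, action, entry):
        if (resource, action) != (self.resource, self.action):
            return False  # rule covers a different resource or action
        if self.same_group_only and entry.created_by_group != user.group:
            return False  # entry belongs to another working group
        if self.allowed_statuses and entry.status not in self.allowed_statuses:
            return False  # entry is not in an authorized status
        return True

def is_authorized(rules_by_user, user, resource, action, entry):
    """Deny by default: allow only if a rule granted to this user permits the request."""
    return any(rule.permits(user, resource, action, entry)
               for rule in rules_by_user.get(user.name, ()))

def visible_entries(rules_by_user, user, entries):
    """Return the ids of the entries the user is entitled to view."""
    return [e.entry_id for e in entries
            if is_authorized(rules_by_user, user, "data_entry", "view", e)]

# Constructed sample data (not taken from the product).
ALICE = User("alice", "payments")
BOB = User("bob", "audit")  # has no rule at all, so every request is denied
RULES = {"alice": [Rule("data_entry", "view", same_group_only=True,
                        allowed_statuses=frozenset({"validated"}))]}
ENTRIES = [Entry(1, "payments", "validated"), Entry(2, "payments", "draft"),
           Entry(3, "audit", "validated")]
```
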

The following diagram provides a high-level view of the use of PassPort for user access.

Figure: Access management overview

PassPort also provides a single sign-on (SSO) functionality that enables users to log on just once for multiple Axway products.

In addition, SSO provides connectivity to SiteMinder for integration with an existing enterprise SSO solution and extensions to integrate with other enterprise SSO solutions.

SSO in PassPort provides:

  • A unified interface to end users across Axway products and extensible to third-party applications
  • Central configuration and management of identities and access-control policies
  • A way to leverage existing enterprise SSO solutions

PassPort supports two SSO modes:

  • Reverse-proxy mode
  • Central Authentication Service (CAS) mode

CAS mode provides superior performance, but, unlike reverse-proxy mode, it does not allow the SSO agent to be deployed in the DMZ. InterPlay and Datastore are compatible with both SSO modes.
