Authentication & IAM
All DataSapien platform components use OIDC and OAuth2 standards for authorisation and authentication.
The DataSapien platform is designed to be compatible with most systems and can use any OAuth2 compliant IAM (Identity and Access Management) solution to authorise users and requests made to it. Some common IAM solutions include, but are not limited to:
- The most widely used IAM solutions such as Keycloak, Okta, Auth0
- Microsoft Azure Entra ID (previously Azure Active Directory)
- Amazon AWS Cognito
- Google Identity Platform and Firebase Authentication
If you have questions about compatibility with your preferred IAM solution, please contact us.
Orchestrator Web UI Access
The Orchestrator Web UI uses OAuth2 to sign in users to its Web UI.
This kind of authorisation of users by a service is implemented using Authorisation Code Flow in OAuth2. During sign-in, users are redirected to the Authorisation Server to provide their credentials, and after validation, a token is generated which contains the information about the authenticated user. The service (the Orchestrator Backend in this case) checks this token to authorise the user.
The Orchestrator Web UI uses the Authorisation Code Flow. Once it is configured with a compliant OAuth2 Authorisation Server, you can enable existing users on your IAM solution to sign in as admins and operators. In this way, no additional effort is needed for Orchestrator user / access management on your side.
Multi Factor Authentication (MFA) and Single Sign On (SSO) are commonly offered by most identity platforms and are fully supported by the Orchestrator.
Orchestrator to Mobile Backend Access
The Orchestrator consumes Mobile Backend endpoints and hence needs to be authorised by the Mobile Backend.
This kind of authorisation, which does not involve a user, is commonly referred to as service-to-service authorisation and is implemented using the Client Credentials Flow in OAuth2. For this, a Client Secret should be created on your IAM solution for the Orchestrator, and the Orchestrator must be configured to use it when accessing the Mobile Backend.
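The Client Credentials Flow described above, as an added example (not DataSapien's own code): it builds the RFC 6749 token request a service in the Orchestrator's role would send and reuses the access token until shortly before it expires. The token URL, client ID, secret and scope are constructed placeholders, and `build_token_request` and `TokenCache` are hypothetical names.

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumed placeholders; the real values come from your IAM solution.
TOKEN_URL = "https://iam.example.com/oauth2/token"
CLIENT_ID = "orchestrator"
CLIENT_SECRET = "constructed-secret:/+"  # constructed sample; load the real one from a secret store


def build_token_request(token_url, client_id, client_secret, scope=None):
    """Build (without sending) an RFC 6749 section 4.4 token request."""
    if not token_url.lower().startswith("https://"):
        raise ValueError("token endpoint must use HTTPS: the secret travels in the request")
    # RFC 6749 section 2.3.1: form-encode id and secret before Basic-encoding them.
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope  # hypothetical scope name, defined by your IAM setup
    return urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode(form).encode(),
        headers={
            "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


class TokenCache:
    """Reuse the access token until `skew` seconds before it expires."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()  # parsed JSON body of the token response
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + max(int(resp.get("expires_in", 0)) - self._skew, 0)
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}
```

In use, `fetch` would send the built request with `urllib.request.urlopen` and parse the JSON response; a response without `expires_in` causes a fresh token request on every call.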