Identity and Access Management - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

Identity and Access Management (IAM) allows you to leverage SAML-based Web Single Sign-On (SSO) and OAuth API authorization in Address Manager.

With SAML-based Web SSO in Address Manager, all user login credentials are authenticated by the Identity Provider (IdP). Address Manager supports both SP-initiated SSO and IdP-inititated SSO. For more information on how SAML works with Address Manager, refer to Single Sign-On.

The OAuth API authorization allows users access to Address Manager's API endpoints with three authorization grants in the OAuth 2.0 specification:
  • Authorization Code Grant
  • Implicit Grant
  • Resource Owner Password Credentials Grant
The OAuth 2.0 specification defines an authorization protocol (a protocol that is focused on what actors have access to—not who the actor is) and includes four actors: the Resource Owner (the user), the Client (an application or script that needs access to the Address Manager API), the Authorization Server (OAuth2 Server, OpenID Connect), and the Resource Server (Address Manager API). For more information on how OAuth works with Address Manager, refer to OAuth API authorization.
Note: SSO for DNS Edge is not related to SSO for Address Manager. DNS Edge must be configured separately as a service provider on your IdP.