Benefits of IdP Integration With the Curity Identity Server

When it comes to choosing an identity and access management solution, one requirement that many organizations demand is the ability to integrate with the solution in various ways. One common integration need is to combine an existing Identity Provider (IdP) responsible for user authentication with the newly established system.

With the Curity Identity Server, such integration is not only possible but also beneficial for organizations that decide to combine the two products. In this short post, I'll walk through some benefits of integrating Curity with an IdP.

Benefits of Integrating an Existing IdP with the Curity Identity Server

Your preexisting IdP is likely responsible for user authentication, including onboarding and user self-service. Integrating such a service with the Curity Identity Server allows organizations to reuse and extend existing solutions. These scenarios include:

  1. Achieving collaborative adaptive authentication between an IdP and the Curity Identity Server

  2. Using the full power of claims with external identity sources

  3. Adding financial-grade capabilities to any IDaaS platform

Adaptive Authentication

The first point is an important one: it is achieved when the IdP platform performs the user authentication, which is collaboratively adapted based on signals and context available in the Curity Identity Server. In this case, our product can use the information provided by the IdP to make decisions about whether more measures should be taken to assert the user's identity.

Claims Mapping

Second, the IdP integration can unleash the power of Curity's token service. Since user login is federated to an external identity provider, the APIs and clients can benefit from the highly customizable tokens enabled via the claims subsystem of the Curity Identity Server. Since the upstream IdP returns attributes in the authentication result, these can be incorporated in the regular claims mapping performed when issuing tokens as any other claims source.

[Figure: Claims mapper. Example of mapping claims in the Curity Identity Server]

Financial-Grade Security

Finally, since the Curity Identity Server is based on OAuth and OpenID Connect standards, all the advanced features of these standards can be used to achieve high-grade security, irrespective of the authentication process chosen. For example, a financial-grade setup using PAR, JARM, and message-level encryption can be achieved without the upstream IdP needing additional features.

IdP Integration with Curity

Customers seeking to leverage the strengths and investment into an existing IdP solution can use our SDK to integrate with any IdP quickly. For example, our new open-source authenticator demonstrates how easy it is to set up. As described in the documentation of this exemplary authenticator, it is helpful in scenarios where:

  • The IdP is functioning as an OpenID Connect Provider (OP).

  • The Curity Identity Server is also an OP and a Relying Party (RP). Because it functions in both roles, it's a sort of identity proxy or relay to a downstream application.

  • The client application passes transparently through to the IdP.
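The relay described above plays two roles at once, and the claims-mapping section earlier relies on the same step: as an RP it must validate the upstream IdP's authentication result (signature, issuer, audience, expiry, nonce) before trusting any attribute in it, and as an OP it maps only an allow-listed subset of those attributes into the token it issues downstream. The following Python sketch is an added example, not Curity's code or configuration; the issuer URLs, client ids, attribute names and the HMAC shared secrets standing in for the RS256/JWKS keys a real OIDC deployment uses are all constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed sample values. A real deployment verifies the upstream IdP's RS256
# signature against its JWKS and signs its own tokens with a private key.
UPSTREAM_SECRET = b"constructed-upstream-idp-secret"
UPSTREAM_ISSUER = "https://idp.example.test"   # hypothetical upstream OP
RELAY_CLIENT_ID = "relay-rp"                    # hypothetical RP registration at that OP
RELAY_ISSUER = "https://relay.example.test"     # hypothetical downstream OP (the relay)

# Claims mapping: only these upstream attributes are carried downstream, renamed
# to the claim names the APIs expect. Anything else the IdP returns is dropped.
CLAIM_MAP = {"email": "email", "department": "org_unit", "upn": "upn"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Compact HS256 JWT; used here to construct a sample upstream ID token."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_upstream_id_token(token: str, expected_nonce: str, now: float) -> dict:
    """RP role: validate the upstream authentication result before trusting it."""
    header, body, sig = token.split(".")
    expected = hmac.new(UPSTREAM_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    checks = {"iss": UPSTREAM_ISSUER, "aud": RELAY_CLIENT_ID, "nonce": expected_nonce}
    for name, want in checks.items():   # issuer, audience and nonce must all match
        if claims.get(name) != want:
            raise ValueError(f"{name} check failed")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def relay_issue_claims(upstream_token: str, nonce: str, downstream_client: str, now: float) -> dict:
    """OP role: build the claims of the token the relay issues to its own client."""
    upstream = verify_upstream_id_token(upstream_token, nonce, now)
    claims = {"iss": RELAY_ISSUER, "aud": downstream_client, "sub": upstream["sub"], "iat": int(now),
              "exp": int(now) + 300, "amr": upstream.get("amr", [])}  # amr: upstream auth-method signals
    for src, dst in CLAIM_MAP.items():
        if src in upstream:
            claims[dst] = upstream[src]
    return claims
```

A real relay would then sign `claims` with its own key and hand the token to the downstream client; the point is that nothing from the upstream result reaches a downstream token unless it passed validation and is named in `CLAIM_MAP`.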

This demo video shows this usage and details how it can be implemented with our new authenticator.

Reverse Integration: Using Curity as an Identity Provider

Combining an IdP with the Curity Identity Server also works in the reverse direction, with Curity acting as the IdP. You may want to do this to:

  • Use an existing Curity deployment to quickly provide staff with access to various SaaS applications.

  • Allow users to log in with additional kinds of credentials supported by Curity, such as BankID or social accounts.

  • Run actions and execute workflows as a part of the login process.

  • Take further control over the look and feel of the login screens.

  • Use the Hypermedia Authentication API.

This second demo video describes the setup in which Curity is used as an IdP.

Doing so is easy, even if there's no out-of-the-box integration with your IdP. The authenticator code demoed in this article was partially generated, and the OpenID Connect standard defined the implementation details. All in all, it took 16 hours to build the exemplary authenticator shown in the videos above. This kind of integration is a poster child for the extensibility options available in the Curity Identity Server.

Conclusion

By integrating the Curity Identity Server with an existing IdP, you can gain:

  • Stronger security with federated authentication, MFA, and advanced access control.

  • Seamless access to SaaS applications with Single Sign-On (SSO).

  • Flexible authentication that adapts to user roles, risk levels, and compliance needs.

  • A future-proof solution that scales with business growth and evolving security standards.

Curity empowers businesses to modernize authentication without disrupting existing identity infrastructure, ensuring compliance, security, and a frictionless user experience.

Want to learn more? Explore the Curity Identity Server or request a demo to see how we can enhance your IdP integration strategy.

Frequently Asked Questions

Can the Curity Identity Server act as both an authorization server and identity provider?

Yes. The Curity Identity Server acts as both an OAuth authorization server and an OpenID Connect identity provider. It authenticates users, issues OAuth access tokens, and provides ID tokens and user information for identity use cases. This allows organizations to handle authentication and API authorization from a single, standards-based platform.

Can the Curity Identity Server integrate with external IdPs like Azure AD or LDAP?

The Curity Identity Server can integrate with external identity providers such as Azure AD, LDAP directories, and other SAML/OIDC providers. You can use these integrations for authentication, federation, and user provisioning, enabling users to sign in with credentials managed outside of the Curity Identity Server.

How does the Curity Identity Server integrate with existing IAM systems?

The Curity Identity Server connects with your existing IAM systems by acting as a federation and authentication hub. It can delegate user authentication to external identity providers, letting users authenticate with their existing credentials. It also supports OpenID Connect and SAML, so it can integrate with broader IAM ecosystems without replacing your current identity system.

How long does it take to integrate the Curity Identity Server?

It depends on the scope. A basic deployment can be up and running quickly. Curity provides Docker images and Kubernetes Helm charts that can set up a cluster “in a few minutes.” Initial configuration for running OAuth/OIDC flows is also designed to be straightforward for getting started.

In practice, most of the implementation time is spent integrating with your apps, APIs, gateways, and existing identity sources, plus hardening for production (high availability, keys/certificates, logging/monitoring, backups, and environment automation).
