Recipes for working with the Curity Identity Server.
Set up an Authentication Action Flow
Authentication Actions are a powerful way to trigger various actions during the authentication process, such as conditional MFA. You can pick and choose from many built-in actions or create your own using the SDK.
Add a Federated Authentication
It's common to have some users federated in from another identity provider (using SAML or OIDC) but still allow these users to gain access tokens from Curity Identity Server that protect your APIs. See how this is accomplished in Azure Active Directory with OpenID Connect as an example.
Brand Your Authentication Screens
All the user-facing screens can be customized down to the last pixel. This guide explains how you can brand the screens differently, even on a per-client basis.
Enable the Authentication API
Curity provides an entirely new way to log in users without a browser that improves user experience and increases security at the same time.
Run the Authentication API in an Android App
The Authentication API comes with pre-built SDKs that secure the usage of the API, based upon client attestation and proof-of-possession tokens. Try out the Hypermedia API in your Android app as described in this how-to article.
How Do I Use OAuth to Protect My APIs?
If you're already familiar with OAuth's basics, try setting up the OAuth code flow or the OpenID Connect Hybrid flow in your Curity installation. If you don't have that much experience with OAuth yet, you may want to check out our getting started with OAuth and OpenID Connect course, a great way to learn more about the protocol.
Customize Your Tokens
When you have issued your first tokens, learn more about how you can implement access control using claims and scopes. Read more about scopes and claims and how they relate to each other. This guide shows you how to add claim values from the authentication process.
Verify Your Tokens with a Gateway
It's common to combine the Curity Identity Server with an API Gateway to verify your access tokens externally, outside of your service. Curity recommends two alternative patterns when doing so, the Phantom Token pattern and the Split Token pattern. There are several guides available, for instance, for Azure API Management, the AWS API Gateway, and NGINX.
User Management Service
Test out SCIM in the User Management Service
SCIM is an excellent protocol for user provisioning and performs CRUD operations on user accounts. You can use SCIM to connect and sync with external directories and allow third parties to manage their users. Curity's User Management Service is built around SCIM. Follow our tutorial to set up SCIM and use this API to create and update users.
Deployment and Operations
Set up a Cluster
The Curity product is easy to deploy in a way that fulfills the highest availability requirements and scales performance linearly. Create your cluster with auto-scaling using familiar tools like Docker, Kubernetes, and Helm. Follow our guide to learn how to set up a Curity cluster.
Automate Your Configuration
The Curity Identity Server comes with many interfaces for configuration management. The Web UI is easy to use for initial setup. When adding the server into your CI/CD pipelines, you may want to use the other interfaces for automation: the scriptable CLI, the standards-based REST (RESTCONF) API, or XML configuration files.
Logging within the Curity product is based around Log4j. You can also integrate it with popular log management and monitoring tools. There are guides to do that with Splunk or Datadog, for example.