Recipes for working with the Curity Identity Server.
Integrate a Single Page Application
One way to test your initial setup is with the OAuth Assistant. You can also use this as a boilerplate for integrating your Single Page Application (SPA). Our guide outlines the details of using the OAuth Assistant in a SPA.Learn More
Set up an Authentication Action Flow
Authentication Actions is a powerful way to make various actions happen in the authentication process, such as conditional MFA. You can pick and choose from many built-in actions or create your own using the SDK.Read more about actions in the reference documentation.Learn More
Add a Federated Authentication
It's common to have some users federated in from another identity provider (using SAML or OIDC) but still allow these users to gain access tokens from Curity Identity Server that protect your APIs. See how this is accomplished in Azure Active Directory with OpenID Connect as an example.Learn More
Brand Your Authentication Screens
All the user-facing screens can be customized down to the last pixel. This guide explains how you can brand the screens differently, even on a per-client basis.Learn More
Enable the Authentication API
Curity provides an entirely new way to log in users without a browser that improves user experience and increases security at the same time. Read more about the Hypermedia Authentication API here and follow our guide to enable it and set up a demo client.Learn More
Run the Authentication API in an Android App
The Authentication API comes with pre-built SDKs that will secure the usage of the API, based upon client attestation and proof-of-possessions tokens. Try out the Hypermedia API in your Android app as described in this how-to article.Learn More
How Do I Use OAuth to Protect My APIs?
If you're already familiar with OAuth's basics, test to set up the OAuth code flow or the OpenID Connect Hybrid flow in your Curity installation. If you don't have that much experience of OAuth yet, you may want to check out our getting started with OAuth and OpenID Connect course - a great way to learn more about the protocol.Learn More
Verify Your Tokens with a Gateway
It's common to combine the Curity Identity Server with an API Gateway to verify your access tokens externally, outside of your service. Curity recommends two alternative patterns when doing so, the Phantom Token pattern and the Split Token pattern. There are several guides available, for instance, for Azure API Management, the AWS API Gateway, and NGINX.Learn More
User Management Service
Test out SCIM in the User Management Service
SCIM is an excellent protocol for user provisioning and performs CRUD operations on user accounts. You can use SCIM to connect and sync with external directories and allow third parties to manage their users. Curity's User Management Service is built around SCIM. Follow our tutorial to set up SCIM and use this API to create and update users.Learn More
Deployment and Operations
Set up a Cluster
The Curity product is easy to deploy to fulfill the highest availability requirements and linearly scaling performance. Create your cluster with auto-scaling using familiar tools like: Docker, Kubernetes, and Helm. Follow our guide to learn how to set up a Curity cluster.Learn More
Automate Your Configuration
The Curity Identity Server comes with many interfaces for configuration management. The Web UI is easy to use for initial setup. When adding the server into your CI/CD pipelines, etc., you may want to use the other interfaces for automation, the scriptable CLI, the standards-based REST (RESTCONF) API, or using XML configuration files.
Logging within the Curity product is based around Log4j. You can also integrate it with popular log management and monitoring tools. There are guides to do that with Splunk or Datadog, for example.Learn More
Parameterize your configuration files
MFA and the Curity Identity Server
Integrate with AWS API Gateway
Introduction to the RESTCONF Admin API
Best practices: OAuth for mobile apps
The Phantom Token approach
Let’s Stay in Touch!
Get the latest on identity management, API Security and authentication straight to your inbox.