ProAuth is an OpenID Connect compliant identity server with a focus on multi-tenant SaaS applications. Its core implementation and configuration are based on a modular design which makes it easy to apply application and / or tenant specific settings through the API or admin user interface.
ProAuth key features:
Modern applications or microservice architecture should rely on a trusted identity provider which decouples the authentication implementation from the services or applications. There should be a single trust from the application, so new federated identity providers or customer specific configurations do not affect the implementation or deployment of the services and applications.
ProAuth is based on OpenID Connect protocol and therefore supports multiple authentication flows defined by the standard. Any OpenID Connect compliant client library could be used to authenticate your applications and services with ProAuth.
ProAuth issues tokens after a successful login request. Currently three different tokens are issued: id_token, access_token and refresh_token
An important design goal of ProAuth is to support multi-tenancy all over the product and its functionality.
Authentication requirements change over time and single-sign-on for new customers should be implemented seamlessly without redeployment of ProAuth.
The primary use-case of ProAuth is to federate with other identity providers. The reason for this design decision is to support modern SaaS application scenarios where enterprise customers expecting to enable single-sign-on with their existing directories and identity providers
ProAuth is based on a modular architecture which easily enables the addition of new modules like new Identity Providers, Protocols, Enterprise Directory Synchronization or TwoFactor Authentication Mechanisms. ProAuth can be horizontally scaled in a cloud environment and supports a zero-downtime deployment mechanism which also includes database schema changes.
ProAuth was built with an API-first mindset. Therefore all the configuration and management actions are available by an authenticated public API which facilitates integration and automation scenarios.
ProAuth is delivered with a web-base administration application which lets you configure and control all aspects of ProAuth.
ProAuth includes a database auditing functionality for specific entities. All the audit log entries are written to the audit tables of each database (configuration database and user store databases). For the configuration database, there is also a built-in audit trail viewer with a diff-viewer.
ProAuth implements the SCIM interface and supports the SCIM API for the IDP OIDC. Each OIDC IDP instance has its own SCIM endpoint.
ProAuth is issuing the requested tokens with appropriate claims. The claims which are included in the issued tokens can be customized with the claim rule engine.
