Flexible Authorization for Complex Digital Services
Legacy role-based authorization systems cannot meet the challenges of effectively and securely managing external and third-party access. This highlights the need for an externalized authorization architecture, enabling enterprises to decouple business applications from authorization policies and allow them to provide unified, fine-grained authorizations to users across their application landscape.
OneWelcome Identity Platform offers externalized authorization capabilities that enable you to implement fine-grained, policy-based, centralized access control and enforcement.
Standardized authorization and consistent security
Centralize permission management on one platform to ensure consistent security policy enforcement across all components.
Relationship-based access control
Evaluate relationships between users to determine access
Agile policy management
Separate policy management from the application lifecycle. Reduce complexities and easily edit policies and access requirements in a no-code/low-code setup.
What is Externalized Authorization?
Externalized authorization is an application that simplifies the process of defining who has access to what resources and what actions individuals are permitted to perform. It separates policy management and enforcement from the application lifecycle, and delegates access control decisions to a decoupled external decision point. Our OneWelcome Identity Platform offers externalized authorization capabilities that enable you to implement fine-grained, policy-based, centralized access control that takes relationships and context into account for the access decision.
Which type of identity would you like to protect?
Customer Identities
Create frictionless and secure access for your customers
B2B & Third Party Identities
Streamline access and collaboration across your entire B2B ecosystem
How Externalized Authorization Works
With centralized access control, you can grant access to your resources in real-time via a centrally managed decision point that leverages user attributes in your identity store and create authorization policies to determine when to grant users access to your products.
Policies can be graphical or defined in Open Policy Agent’s native query language, Rego. Relationship-based access control (ReBAC) can implement fine-grained access to protected resources based on the user's relationship with other entities.
Integration with Thales OneWelcome Identity Platform
Our Externalized Authorization identity app seamlessly integrates into your existing identity infrastructures. Our customizable design and out-of-the-box capabilities offer you the performance and flexibility to implement state-of-the-art externalized authorization.
Thales Named an Overall Leader
Find the product or service that best meets your needs, and learn why KuppingerCole named Thales a Market Leader, Overall Leader, and Innovation Leader in Access Management
The relationship between trust and user experience is the foundation of successful online interactions. The imperative is clear: organizations must uphold an unwavering commitment to both data security and user experience to build a future where trust enables digital interactions.
Recommended resources
Frequently asked questions
Use External Authorization when you need fine-grained control over access permissions, especially in complex environments or when integrating with multiple systems. It's beneficial when you want to centralize authorization logic, manage permissions externally, or enforce policies across various services.
External Authorization offers several advantages for simplifying and securing access, including centralized policy management, dynamic policy updates without code changes, support for complex access control scenarios, scalability across distributed systems, and the ability to integrate with multiple identity providers or external sources seamlessly.
Yes, a user can have multiple external identities. The Identity Broker supports federated identities, allowing users to authenticate with various identity providers and consolidating their identities under a single identity record.