SiSeO Server

SiSeO Server is an OAuth2 compliant platform with multiple, advanced features.

Scenarios

Typical scenarios of a SiSeO Server can be:

Multi-App

Main hub of authentication in a large organization for internal purposes. Since SiSeO is an OAuth2 compliant server, you can connect all your OAuth2 clients to it and authenticate your web or mobile applications without effort.

You can connect SiSeO with an Active Directory, a JSON interface to check passwords or a local database that can be used as central repository of security information.

On the client side you can add as many clients as you want, sharing users between these applications. You can add Active Directory groups to the authorizations, making the system even more flexible.

Multi Device

Main hub of authentication in a large organization for internal purposes. Since SiSeO is an OAuth2 compliant server, you can connect all your OAuth2 clients to it and authenticate your web or mobile applications without effort.

Security

Security is embedded into SiSeO Server. Client apps and the server use 2048 bit SSL X509 certificates, encrypting all communication between the parties.

On the user's side you can add a two factor authentication method that uses a QR code, forcing users to enter a one time password received on their phones after the password. These OTP keys are refreshed every 60 seconds.
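An added example (not SiSeO code) of how a server can verify such codes, assuming they are standard TOTP (RFC 6238) with the 60 second step stated above. The 6 digit length, HMAC-SHA1, the drift window and all function names are assumptions.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote, urlencode

PERIOD = 60  # seconds; the page states OTP keys refresh every 60 seconds
DIGITS = 6   # assumption: 6 digit codes

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8 byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, period: int = PERIOD) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, int(now) // period)

def verify(secret, submitted, now, last_used_step=-1, drift=1, period=PERIOD):
    """Return the matched time step, or None if the code is rejected.

    drift=1 tolerates one step of clock skew either way; with a 60 s step
    that is an acceptance window of up to 3 minutes, so keep it small.
    Store the returned step per user and pass it back as last_used_step
    so a code that was already accepted cannot be replayed.
    """
    current = int(now) // period
    for step in range(current - drift, current + drift + 1):
        if step < 0 or step <= last_used_step:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, step).encode(), submitted.encode()):
            return step
    return None

def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that is rendered as the enrollment QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    params = urlencode({"secret": b32, "issuer": issuer,
                        "period": PERIOD, "digits": DIGITS})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"

if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample key (RFC 4226 test secret)
    print(provisioning_uri(key, "alice@example.org", "ExampleSSO"))
    code = totp(key, now=59)
    print(code, verify(key, code, now=65), verify(key, code, now=65, last_used_step=0))
```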

Main console

The interface is focused on simplicity. On the main screen you can configure your admin users, with different role types, the backends that the SiSeO Server will use to collect the users and the local DB for those users that we don't want to manage outside our SSO Platform.

On the monitoring section of the server you'll see the live information that is logged for each transaction that is generated on the server: from client-user grants (allowing the users to authorize the use of their information), to the sessions that external clients are creating for authentication purposes, and also the tokens generated for our users.

Clients and Tenants

The configuration is based, on the one hand, on clients and resources; on the other, you can configure fine-tuned tenants that link the security of the users with the resources of the clients.

With these elements you can have:

  • Multiple users that connect to specific tenants
  • One Client defined by 1 tenant and its security configuration
  • One Client accessing multiple tenants, each one with its security configuration

Clients and resources

SiSeO supports three client types, depending on your security needs:

  • Basic OAuth2 compliant client: used for basic OAuth2 workflows with basic security
  • Advanced PKCE X509 certificate based clients allowing strong authentication and use of JWT Tokens with security information based on claims.
  • Client apps or servers that connect with advanced PKCE servers: Allowing for example a client or group of clients access to a third client with advanced security capabilities, linked to a tenant (see below)

Tenant Schema and Tenants

As mentioned above, the fine tuning, this second part of the configuration, is done using tenant schemas, where you link the backend security servers and role schemas to Tenants.

The tenants represent a security entity that links resources (with their actions) with actors (users and groups). This concept allows full customization of the security of our server.

The actors, on the other hand, close the security concept linking users and groups to specific roles, defined on the tenant schema of each tenant.