Overview
The main components of the service are:
- A Single Sign-On service, based on Keycloak, providing federated and social authentication and supporting SAML and OIDC protocols. This service is replacing the previous Single Sign-On service based on Microsoft ADFS.
- A Users Portal, where users can manage their own accounts.
- A Groups Portal, where users can define static and dynamic groups, including external (non-CERN) members.
- An Applications Portal, where application owners can register their applications for Single Sign-On and configure the applications authorization schemes.
- A Resources Portal, where users can visualize and manage their subscriptions to IT services and list their resources.
- An API that can be used to automate the users, groups and applications management (for extensive documentation of these entities check here).