IAM Overview
Identity and Access Management (IAM) is a security service provided through Domino AppDev Pack. Using standard OAuth 2.0 flows, it enables remote applications to access Domino resources with well-controlled user authorization.
Advantages
IAM brings safe user authorization and more possibilities for your applications:
- Standard OAuth2 Authorization Flows: With IAM, your applications can access resources on Domino servers, for example, user calendar information, without being hosted on Domino. You can host your applications on Node.js, Java, or other platforms and leverage IAM to authorize and generate access tokens for your application to allow it to access Domino resources.
- Precise Authorization Control: Administrators can control which application can access which subset of Domino resources through IAM. For example, an application authorized to access a user's calendar won't be able to access team rooms as the user.
- Safe Password Management: Your applications don't need to store user passwords or handle password safety. Users need only to trust and authenticate with IAM. In addition, OpenID Connect (OIDC) allows your applications to get basic user account information from IAM to use for personalizing applications.
- Single Sign On: When multiple applications are registered with IAM, single sign-on (SSO) across the applications is provided seamlessly.
Enhanced Domino API Set
Domino resources are grouped as OAuth 2.0 scopes. Check the Scope page for supported APIs. IAM will continue to add support for new sets of APIs step by step.
Components
The Domino IAM service provides three components out of the box:
- domino-iam-service: A lightweight Node.js-based server, which is deployed along with a Domino server to provide the whole IAM service.
- oauth-dsapi-extension: A Domino extension that enables Domino to trust IAM and consume tokens that IAM grants to your application.
- node-iam-client: A Node.js module that helps your Node.js application talk with IAM. Java, .NET, or other applications can also talk with IAM directly through IAM's RESTful APIs.
Getting Started
- To start setting up the IAM service, visit the IAM Setup page.
- To see how to manage the IAM service and register applications, visit the IAM Management page.
- To see how to use the node-iam-client library, visit the Client Library Usage page.
- To configure the oauth-dsapi-extension, visit the OAuth DSAPI Extension page.