IAM Overview
Identity and Access Management (IAM) is a security service provided by the Domino AppDev Pack. Through standard OAuth 2.0 flows, it enables remote applications to access Domino resources with well-controlled user authorization.
Advantages
IAM brings safe user authorization and more possibilities for your applications:
- Standard OAuth 2.0 Authorization Flows: With IAM, your applications can access resources on Domino servers, for example, user calendar information, without being hosted on Domino. You can host your applications on Node.js, Java, or other platforms and use IAM to authorize your application and generate the access tokens that allow it to access Domino resources.
- Precise Authorization Control: Administrators can control which applications can access which subsets of Domino resources through IAM. For example, an application authorized to access a user's calendar won't be able to access team rooms as the user.
- Safe Password Management: Your applications don't need to store user passwords or take care of password safety. Users only need to trust and authenticate with IAM. In addition, OpenID Connect (OIDC) allows your applications to get basic user account information from IAM to use for personalizing applications.
- Single Sign On: When multiple applications are registered with IAM, single sign-on (SSO) across the applications is provided seamlessly.
Domino API Coverage
Domino resources are grouped as OAuth 2.0 scopes. Check the Scopes page for built-in API support. Additional support for all Domino-hosted APIs is now possible with the configuration described in OAuth2 support for Domino Web Applications.
Components
The Domino IAM service provides three components out of the box:
- domino-iam-service: A lightweight Node.js-based server, which is deployed along with a Domino server to provide the whole IAM service.
- oauth-dsapi-extension: A Domino extension that enables Domino to trust IAM and consume the tokens that IAM grants to your application.
- node-iam-client: A Node.js module that helps your Node.js application talk to IAM. Java, .NET, and other applications can access IAM directly through IAM's RESTful APIs.
Getting Started
- To start setting up the IAM service, visit the IAM Setup page.
- To see how to manage the IAM service and register applications, visit the IAM Management page.
- To see how to use the node-iam-client library, visit the Client Library Usage page.
- To configure the oauth-dsapi-extension, visit the OAuth DSAPI Extension page.