Extending Red Hat SSO

More and more organizations are using Red Hat Single Sign-On (Red Hat SSO) as the foundation for securing user identities for enterprise and consumer applications. The focus on providing both robust security and a seamless user experience needs to be equally considered. Neither of these requirements should be compromised, especially as applications are being built for a multi-cloud world on Red Hat OpenShift.

Red Hat SSO plus IBM Security Verify

With Red Hat SSO plus IBM Security Verify extensions, developers can continue building applications protected by Red Hat SSO, but also add another layer of advanced authentication and ID-less/passwordless experiences. IBM Security Verify extends the ability for Red Hat SSO developers to create authentication flows that extend QRCode, Mobile Push, FIDO, SMS, and email as different authenticators that can be used as first- or second-factor authentication. In the case of QRCode and FIDO, these can be used for ID-less and passwordless authentication, providing a frictionless end-user experience.

Red Hat SSO developers can download and place the extensions into their Red Hat SSO environment to create the necessary authentication flows. In the case of email and SMS second-factor authentication, Verify maintains and manages all of the necessary components that Red Hat SSO developers would have to configure themselves, such as SMTP and SMPP servers, as part of the Verify identity-as-a-service experience.

Using QRCode as an example, a Red Hat SSO user can easily configure ID-less and passwordless experiences natively within Red Hat SSO to provide a more secure and frictionless authentication flow. All Red Hat SSO developers need to do is create an API client with Verify, drop the Verify extensions in their Red Hat SSO deployment, and configure the QRCode authentication flows within Red Hat SSO (see Figure 1). The steps to add other authentication flows are just a matter of modifying the last step: Configuring the authentication flows.

Screenshot of the example authentication flow
Figure 1: Example authentication flow with IBM Security Verify QRCode.

By using Verify, Red Hat SSO developers can also get visibility and analytics into authentication events when different authenticators are being used with applications protected by Red Hat SSO. This provides Red Hat SSO developers the ability to detect where users are authenticating from, determining and seeing any potential anomalies by being able to drill down into each of the events, and more. These types of reports may be used for auditing and compliance purposes, as shown in Figure 2.

Screenshot of chart and graph showing authentication event summary and details
Figure 2: Viewing authentication event summary and details.

Getting started

Within twenty minutes, advanced authentication and frictionless experiences can be added to Red Hat SSO deployments:

  1. Create a free Verify tenant.
  2. Download the extensions and drop them into a Red Hat SSO deployment.
  3. Configure your desired authentication flows. The user guide can provide more details as needed.

Additional information can be found in the IBM Security GitHub. You can also get more details for a step-by-step walkthrough of using Verify extensions with Red Hat SSO through the user guides, along with documentation for a sample application that developers can get started with and explore further.

Last updated: March 30, 2023