Overview

Labshare Auth (LS-Auth) is a login service and application toolkit for secure on-line collaboration. It provides identity and access management (IAM) services for applications with minimal overhead. The software facilitates integration of web applications with multiple identity services, enabling a “Bring Your Own Account” (BYOA) approach to user authentication. LS-Auth supports the most widely used standards for authentication and authorization and provides numerous additional features and services to secure applications.

Why Use LS-Auth?

  • Securely manage access for users from multiple organizations.
  • Facilitates integrating multiple applications with multiple login services using industry standard protocols.
  • Valuable features out of the box for enhancing security and managing access.
  • Flexible solution that supports the major standards and can be easily customized to meet special requirements.

Features

  • Identity brokering – supports login via multiple identity providers with single sign-on to multiple applications with flexible authorization options.
  • Federation protocols – supports the major federation protocols for identity providers and client applications; OpenID Connect, SAML 2.0, and WS-Federation.
  • Multi-tenancy – allows separate groups to manage integrations independently on a common service.
  • Identity Provider support – supports major enterprise and social login identities out of the box.
  • Protocol translation – allows client applications to use a different protocol from the identity providers.
  • Two-factor authentication – enforce stronger security by requiring two-factor authentication using the TOTP standard.
  • Single sign-on (SSO) and Single Logout (SLO) – Allows users to switch between apps without having to log in again. Can also log users out of multiple applications with a single click.
  • Access control – Manage roles and permissions for users and client apps. Supports OAuth standard authorization with JSON Web Tokens (JWT). Supports whitelist/blacklist and-script based authorization rules.
  • Scriptable rules – Custom scripts can be used for advanced authorization rules.
  • Customizable display – Customize images and text or entire UI.
  • Authorization – Supports OAuth2 authorization claims (scopes).
  • Access request workflow – Supports creating and managing workflows for user access requests, invitations and approvals.
  • Messaging integration – Customizable email notifications.
  • Logging and analytics – Built-in audit and event logs. Integration with enterprise log management systems (EFK, Splunk).
  • Custom cloud service integrations – Custom integration options for popular cloud services such as Google, Jira, and Palantir.
  • Command line interface (CLI) – [coming soon] scriptable commands for managing LS-Auth configuration.
  • User Self-Service – [coming soon] Portal for user to view and update their own data.

Getting started

View the actual Labshare Auth documentation here.

How to Edit this Documentation

How to update this documentation using the Jekyll framework.