Overview

Labshare Auth (LS-Auth) is a login service and application toolkit for secure on-line collaboration. It provides identity and access management (IAM) services for applications with minimal overhead. The software facilitates integration of web applications with multiple identity services, enabling a “Bring Your Own Account” (BYOA) approach to user authentication. LS-Auth supports the most widely used standards for authentication and authorization and provides numerous additional features and services to secure applications.

Why Use LS-Auth?

  • Securely manage access for users from multiple organizations.
  • Facilitates integrating multiple applications with multiple login services using industry standard protocols.
  • Valuable features out of the box for enhancing security and managing access.
  • Flexible solution that supports the major standards and can be easily customized to meet special requirements.

Features

  • Identity brokering – supports login via multiple identity providers with single sign-on to multiple applications with flexible authorization options.
  • Federation protocols – supports the major federation protocols for identity providers and client applications; OpenID Connect, SAML 2.0, and WS-Federation.
  • Multi-tenancy – allows separate groups to manage integrations independently on a common service.
  • Identity Provider support – supports major enterprise and social login identities out of the box.
  • Protocol translation – allows client applications to use a different protocol from the identity providers.
  • Two-factor authentication – enforce stronger security by requiring two-factor authentication using the TOTP standard.
  • Single sign-on (SSO) and Single Logout (SLO) – Allows users to switch between apps without having to log in again. Can also log users out of multiple applications with a single click.
  • Access control – Manage roles and permissions for users and client apps. Supports OAuth standard authorization with JSON Web Tokens (JWT). Supports whitelist/blacklist and-script based authorization rules.
  • Scriptable rules – Custom scripts can be used for advanced authorization rules.
  • Customizable display – Customize images and text or entire UI.
  • Authorization – Supports OAuth2 authorization claims (scopes).
  • Access request workflow – Supports creating and managing workflows for user access requests, invitations and approvals.
  • Messaging integration – Customizable email notifications.
  • Logging and analytics – Built-in audit and event logs. Integration with enterprise log management systems (EFK, Splunk).
  • Custom cloud service integrations – Custom integration options for popular cloud services such as Google, Jira, and Palantir.
  • Command line interface (CLI) – [coming soon] scriptable commands for managing LS-Auth configuration.
  • User Self-Service – [coming soon] Portal for user to view and update their own data.

Next Steps

Install locally LS-Auth and Admin UI servers.

Explore the LS-Auth documentation.

Explore the CLI documentation.

Learn how to create and update Tenants, Clients, Providers, etc.