
Supported Federation Protocols

My-Access allows customers to use Memority as an Identity Provider (IdP) to access Google Apps, ServiceNow, Azure, Workspace One or any other cloud or on-premise applications compatible with federation standards such as SAMLv2, OAUTH2/OIDC, WS-Federation or WS-Trust.

SAMLv2 and WS-FED

My-Access supports the following profiles/bindings for SAMLv2:

Supported SAMLv2 Bindings

  • Web Browser SSO SP-Initiated Redirect-POST

  • Web Browser SSO SP-Initiated POST-POST

  • Web Browser SSO SP-Initiated Artifact

  • Web Browser SSO IDP-Initiated POST

  • Web Browser SSO IDP-Initiated Artifact

  • Single Logout (SLO)

With regard to the WS-Federation protocol, My-Access supports the Passive Requestor Profile for SP-initiated SSO.

My-Access can also delegate authentication for a specific user (based on user attribute or user group) to a third-party public Identity Provider (Google, Facebook, Twitter, etc.) or private IdP.

OAUTH2 / OpenID Connect

My-Access supports the OAuth2 protocol as an authorization server.

In this role, My-Access authenticates users, generates tokens (access tokens and refresh tokens) for client applications and validates these tokens.

My-Access supports the following grant types of the OAuth 2.0 protocol:

Supported OAuth2 Grant Types

  • Authorization Code

  • Resource Owner Password Credentials (ROPC)

  • Implicit

  • Client Credentials

  • JWT Bearer

  • SAML2 Bearer Assertion

Memority is also compliant with RFC 7636 (PKCE OAuth).

Memority supports the following profiles of the OpenID Connect protocol:

Supported OIDC Protocols

  • Authorization Code Flow

  • Implicit Flow

  • Hybrid Flow

Single Sign-On (SSO)

My-Access offers different Single Sign-On mechanisms when users successively access multiple resources secured by Memority:

  • Web SSO for Web applications supporting Web federation standards such as SAMLv2, OAUTH2 or WS-Federation.

  • Mobile SSO for native mobile Apps developed by the enterprise, for which an SDK based on Google AppAuth is provided.

  • SSO between mobile Apps and federated web applications.

If needed for security reasons, an application can force users to re-authenticate to Memority instead of relying on Single Sign-On by using the forceauthn federation property.
