IoT and API Access Management
Transmit provides a full suite of identity services for IoT devices and IoT vendors. At the center sits a repository of identities that is highly scalable and can support tens of millions of identities of both devices and users. Organizations that have an existing repository can leverage it and are not required to switch or migrate. Transmit is even capable of working with multiple identity stores at the same time and orchestrating between them at run-time as well as augmenting existing identity stores with more capabilities and enriched data. On top of the identity store, vendors can build various journeys for registering new users, registering new devices, associating a device with a user, de-registering a device, and more. Each of these journeys orchestrates advanced authentication techniques, risk detection functions, advanced authorization, and mobile device capabilities.
Use Transmit to provide Access Tokens to APIs. Transmit works with any API Gateway to enforce advanced authentication and authorization logic before providing access tokens. In the absence of an API Gateway, the Transmit Identity Gateway can be used as an authentication and authorization enforcement point in front of your APIs. Whenever an application attempts to call your API, the API Gateway can call Transmit for authentication and authorization. In Transmit, you can build advanced session management, token validation, authorization, and authentication rules to properly secure access to your APIs. Based on the rules defined, the API Gateway will either allow or reject the call.
Over-the-Air Journeys is the technology that sets Transmit apart from all other vendors. Using Over-the-Air Journeys, application owners can use graphical tools and an orchestration language to design simple and complex user journeys that involve authorization, authentication, KYC, fraud prevention, regulatory requirements, and more. Once done, these journeys can be pushed "over the air" and played in any application that is connected to Transmit, without making any code changes to the application and without the need to re-publish the application. Over-the-Air Journeys consist of two main technologies: a Journey Player and an Orchestration Engine. The Journey Player is incorporated into your applications as an SDK and is responsible for playing the entire journey inside the application. The Journey Player works with the Transmit Orchestration Engine, which orchestrates the journey and defines the next steps on either the client or server side.
Transmit provides a full set of authentication services to manage primary login, multi-factor, and step-up authentication across various applications and channels. The platform includes a large set of built-in authenticators such as OTPs, soft tokens, biometric authenticators, and knowledge-based authenticators. In addition, the platform can be used to manage any third-party authenticator or authentication service connected to the Identity Services Hub. Transmit’s authentication services manage the enrollment process for each authenticator and also tasks such as de-enrollment, re-enrollment, and expiry periods. The platform provides flexible ways of defining authentication levels and attaching them to different authenticators and journeys. The platform allows building rules for authentication failures across different authenticators and devices and taking various actions when thresholds are reached. Transmit is FIDO certified and can be used to manage any FIDO authenticator alongside non-FIDO authenticators.
Bring your own directory from any vendor and connect it to the Transmit Identity Services Hub or just enable the built-in LDAP-based directory that is already included in the Transmit platform. You can also connect multiple directory services and easily orchestrate them using Transmit’s orchestration engine, which completely isolates your applications from any directory service you choose to work with. Using the Transmit platform, you can switch between directories, consolidate directories, route between directories based on any attribute, and combine on-premise and cloud directory services with no impact on your applications. Transmit also includes modern APIs which can be used to access directory information as an alternative to LDAP.
The platform offers role-based access control (RBAC) and attribute-based access control (ABAC) services across all applications. The platform automatically collects device and environmental attributes—for example, location, device type, and connection type—and exposes them to the orchestration engine. The platform is capable of reading entitlements and risk indicators from multiple directories, databases, and engines at the same time, including a built-in entitlement store. This information can be orchestrated at run-time to reach access decisions and to call for actions such as authenticating, blocking an activity, approving an activity, notifying of an activity, requesting authorization from multiple users across multiple devices, and signing transactions and user requests.
Identity Gateway Services
Transmit Identity Gateway is based on a reverse proxy technology that sits in front of applications and APIs and enforces authorization and authentication policies without the need to make any changes to applications. Typical use cases include controlling access to hundreds of web applications and the replacement of outdated Web Access Management solutions such as CA SiteMinder™. Unlike traditional gateways that rely on simple access rules, Transmit Identity Gateway is based on Zero Trust technologies which inspect access to applications based on the trust level of the user’s device, the environment, the session, the level of risk, and the user’s behavior. The Transmit Gateway also incorporates the Over-the-Air Journeys Technology and the Identity Services Hub capabilities, and it can run advanced step-up, multi-factor authentication processes as well as device management and enrollment activities.