Core Concepts

Understand the key concepts that power Authonomy

Core Concepts

Understanding these key concepts will help you get the most out of Authonomy’s identity infrastructure platform.

Identity Broker

The Identity Broker is Authonomy’s core service that acts as a universal translator between your application and any identity provider (IDP).

How it Works

  • Your application makes standardized API calls to Authonomy
  • Authonomy routes authentication requests to the appropriate customer IDP
  • Handles protocol translation (SAML, OIDC, OAuth2, etc.)
  • Returns normalized user data to your application

Benefits

  • One Integration: Support unlimited IDPs with a single code integration
  • Protocol Agnostic: No need to understand SAML vs OIDC differences
  • Automatic Updates: IDP protocol changes handled transparently
  • Instant Onboarding: New customers can configure their IDP in minutes
// Same code works for any customer IDP
const user = await authonomy.authenticate({
  customerId: 'any-customer-id',
  returnUrl: '/dashboard'
});

Customer Isolation

Each of your customers is completely isolated within Authonomy:

Data Separation

  • Customer-specific configurations for IDPs, policies, and settings
  • Isolated user data - no cross-customer data leakage
  • Separate audit logs for compliance and security
  • Independent policy enforcement per customer

Benefits

  • Meets enterprise security requirements
  • Enables customer-specific customization
  • Simplifies compliance auditing
  • Supports multi-tenancy patterns

Policy Engine

Authonomy’s Policy Engine enforces access control rules across all your systems:

Policy Types

  • Authentication Policies: MFA requirements, session timeout, etc.
  • Authorization Policies: Role-based access, resource permissions
  • Conditional Access: Location-based, device-based, time-based rules
  • Integration Policies: System-specific access controls

Policy Application

// Policies are enforced automatically
app.use('/admin', authonomy.middleware.protect({
  policies: ['require-mfa', 'admin-role-required', 'corporate-network-only']
}));

Visibility Engine

The Visibility Engine captures, analyzes, and presents identity data across your entire infrastructure:

Data Collection

  • Authentication Events: All login attempts, successes, failures
  • Authorization Events: Access grants, denials, policy violations
  • User Journey Tracking: Cross-system user activity
  • Integration Health: IDP status, performance metrics

Analytics & Insights

  • Identity Analytics Dashboard: Real-time view of identity activity
  • Security Anomaly Detection: Unusual access patterns and threats
  • Compliance Reporting: Automated audit trail generation
  • Usage Analytics: User behavior and system utilization

User Context

Authonomy maintains rich User Context that flows through all integrations:

Standard Attributes

const user = {
  id: 'unique-user-id',
  email: 'user@customer.com',
  name: 'John Doe',
  customerId: 'customer-a',
  identityProvider: 'okta',
  
  // Normalized attributes
  groups: ['engineering', 'admin'],
  roles: ['user', 'admin'], // Mapped to your app roles
  department: 'Engineering',
  title: 'Senior Developer'
};

Extended Context

  • Authentication Context: MFA status, session strength, device info
  • Authorization Context: Active permissions, policy compliance
  • Risk Context: Risk score, anomaly indicators, trust level

Identity Mapping

Authonomy normalizes identity data from different IDPs into consistent formats:

Attribute Mapping

// Configure how IDP attributes map to your application
await authonomy.customers.configureAttributeMapping('customer-a', {
  'okta.groups': 'groups',
  'okta.department': 'department', 
  'okta.job_title': 'title',
  'okta.employee_id': 'employeeId'
});

Role Mapping

// Map IDP groups to application roles
await authonomy.customers.configureRoleMapping('customer-a', {
  'Okta_Admins': 'admin',
  'Okta_Engineering': 'engineer',
  'Okta_Sales': 'sales_user'
});

Legacy Integration

Authonomy’s Legacy Integration system modernizes old applications without code changes:

Protection Modes

  • Proxy Mode: Authonomy sits in front of legacy systems
  • Sidecar Mode: Deployed alongside legacy applications
  • API Gateway Mode: Protects API endpoints

Legacy User Mapping

// Map modern identity to legacy user format
app.use('/legacy-erp', authonomy.middleware.protect({
  legacyUserMapping: {
    'email': 'username',        // Map email to username field
    'employeeId': 'user_id',    // Map employee ID to legacy user ID
    'groups': 'roles'           // Map groups to legacy role field
  }
}));

Event Streaming

Authonomy provides real-time Event Streaming for integration with your systems:

Event Types

  • user.authenticated - User successfully logged in
  • user.authorization.granted - Access granted to resource
  • user.authorization.denied - Access denied to resource
  • policy.violated - Security policy violation
  • anomaly.detected - Unusual activity detected

Webhook Integration

// Receive events in your application
app.post('/authonomy-webhook', (req, res) => {
  const event = req.body;
  
  switch (event.type) {
    case 'user.authenticated':
      // Update user's last login time
      updateLastLogin(event.user.id);
      break;
      
    case 'policy.violated':
      // Alert security team
      alertSecurityTeam(event.user, event.policy);
      break;
  }
});

API-First Architecture

Everything in Authonomy is API-First:

Management APIs

  • Customer configuration
  • Policy management
  • User administration
  • Analytics and reporting

Integration APIs

  • Authentication flows
  • Authorization checks
  • Event subscriptions
  • Real-time data access

Dashboard APIs

  • All dashboard functionality available via API
  • Custom integrations and workflows
  • Automated configuration management

Environments

Authonomy supports multiple Environments for development lifecycle:

Environment Types

  • Sandbox: Development and testing
  • Staging: Pre-production validation
  • Production: Live customer traffic

Environment Isolation

  • Separate API keys and endpoints
  • Isolated data and configurations
  • Independent policy enforcement
  • Separate audit trails
const authonomy = new AuthonomyClient({
  apiKey: process.env.AUTHONOMY_API_KEY,
  environment: process.env.NODE_ENV === 'production' ? 'production' : 'sandbox'
});

Next Steps

Now that you understand these core concepts:

  1. 5-Minute Quickstart - See concepts in action
  2. Delegated SSO Guide - Deep dive into identity brokering
  3. Architecture Overview - Technical implementation details
  4. API Reference - Complete API documentation

These concepts work together to provide a comprehensive identity infrastructure platform that scales with your business.