Cloud API Authentication
Succeed Insurance wants needs to be sure their integrations are secure. They understand that Guidewire uses Okta but are not sure how or when it is used. They also want to understand the authentication architecture as a whole.
Learning Objectives
The learning objectives for this module are:
- Understand the different authentication flows for Cloud authentication.
- Understand the how to select the correct learning flow for your implementation.
- Understanding the kinds of callers that are supported by the authentication flows.
Authentication flows
There are many different authentication flows that can occur when doing integrations between InsuranceSuite and external applications. The flow that is chosen is based on the kind of integration that is being done. For example, a REST call to an external application will use one type, where an an external application calling InsuranceSuite will use another type. In addition, Integration Gateway and App Events will use another set of authentication options.
To gain understand on the different type of callers and access read the information from this documentation page.
Selecting an authentication flow
Now that you have understanding of the authentication flows, you need to decide which flow to use. The primary items to consider are:
What OAuth flow must the caller application use?
What user is attached to the session?
Where are authorization values stored?
Who enforces resource access?
What values are used as resource access IDs?
In order to understand a summary of the issues to consider, check out this table.
Basic authentication flows in detail
Cloud API supports several different authentication flows. Each flow supports one of the following types of callers:
Internal users using basic auth
Internal users using bearer token auth
External users
Standalone services
Services with user context
Services with service account mapping
Unauthenticated callers
The following documentation covers this information.
Standards
Be sure to read the following SurePath documentation for REST webservice authentication.
Knowledge Check
To validate your knowledge please complete this Knowledge Check of the information you just read.
Was this page helpful?