
Cloud API Authentication

Succeed Insurance needs to be sure their integrations are secure. They understand that Guidewire uses Okta but are not sure how or when it is used. They also want to understand the authentication architecture as a whole.

Learning Objectives

The learning objectives for this module are:

  • Understand the different authentication flows for Cloud authentication.
  • Understand how to select the correct authentication flow for your implementation.
  • Understand the kinds of callers that are supported by the authentication flows.

Authentication flows

Many different authentication flows can occur in integrations between InsuranceSuite and external applications. The flow that is chosen depends on the kind of integration being done. For example, a REST call to an external application will use one type, whereas an external application calling InsuranceSuite will use another type. In addition, Integration Gateway and App Events will use another set of authentication options.

To gain an understanding of the different types of callers and access, read the information on this documentation page.

Selecting an authentication flow

Now that you have an understanding of the authentication flows, you need to decide which flow to use. The primary items to consider are:

  • What OAuth flow must the caller application use?

  • What user is attached to the session?

  • Where are authorization values stored?

  • Who enforces resource access?

  • What values are used as resource access IDs?

For a summary of the issues to consider, check out this table.

Basic authentication flows in detail

Cloud API supports several different authentication flows. Each flow supports one of the following types of callers:

  • Internal users using basic auth

  • Internal users using bearer token auth

  • External users

  • Standalone services

  • Services with user context

  • Services with service account mapping

  • Unauthenticated callers

The following documentation covers this information.

Standards

Be sure to read the following SurePath documentation for REST webservice authentication.

Knowledge Check

To validate your knowledge, please complete this Knowledge Check of the information you just read.