OpenID Connect API Authentication
OpenID Connect API Authentication adds an extra layer of protection to your APIs. When OpenID Connect (OIDC) API authentication is implemented, an identity provider (IdP) is used for user authentication and JWT token generation for Qualys API access. You can use OIDC API authentication to authenticate to Qualys APIs using identity providers (IdPs).
Once you enable OpenID Connect API authentication, you can use either basic authentication or JWT token authentication when executing Qualys APIs.
Key Highlights
- Seamless integration of OpenID Connect to enhance API authentication and authorization measures.
- Compatibility with current identity providers and authentication to facilitate a seamless integration experience.
- This authentication is supported by all Qualys APIs from version /api/2.0/ onward.
- Eliminates the need for users to provide a username and password. This streamlines Qualys API access by allowing users to use JWT tokens, bypassing the hassle associated with usernames and passwords.
Enable OpenID Connect API Authentication
- This feature is not available by default. Contact Qualys support to enable it for your subscription. There is an onboarding process that needs to be followed. Refer to the Onboarding Process.
- This feature requires an IdP.
Benefits
- Enhanced API security
  OpenID Connect (OIDC) uses tokens to establish a user's identity and grant access.
- Standardized access control
  OpenID Connect (OIDC) provides a standardized way to manage user identities and access control.
- Centralized Authentication
  By enabling IdP-initiated SSO, users can authenticate once through your organization’s Identity Provider (IdP) and gain access to all the necessary APIs without needing to log in again. This simplifies the user experience and reduces password fatigue, making access faster and more secure.
- Compliance and Security
  Helps to meet compliance requirements by ensuring that user authentication processes adhere to established security protocols like SAML and OIDC.