Gartner Research

Deploying OAuth and OpenID Connect for Enterprise Use Cases

Published: 03 September 2013

ID: G00252923

Analyst(s): Mary Ruddy

Summary

To meet the challenges that mobile apps and cloud services pose to the enterprise, newer identity protocols such as OAuth and OpenID Connect have evolved and are increasingly being deployed.

Table Of Contents

Summary of Findings

Analysis

  • Evolution
  • Enterprise Use Case Scenarios
  • Core OAuth 2.0 Delegation Use Case Example
  • Mobile Apps
    • Inbound: Customer Uses Mobile App for Access to Enterprise Service
    • Outbound: Employee Accesses SaaS Application via Mobile App
  • API Protection
    • Partner Uses API to Access Enterprise Service
  • Web Access
    • Inbound: Customer With OpenID Connect Social Identity Accesses Enterprise SAML-Based Web Application via Browser
    • Outbound: Enterprise User Accesses SAML-Enabled Partner's REST Applications Without Additional Logon
  • Trust
  • Management of User Attributes and Permissions
  • Strengths
  • Weaknesses
  • Adopt OAuth 2.0 If Cross-organizational Access to REST Applications Is Required
  • Base New OpenID IDPs on OpenID Connect Rather Than OpenID 2.0
  • Implement Lower-Assurance Use Cases First
  • Plan to Need to Perform Additional Assurance Steps If Upgrading an OpenID 2.0 IDP to a Higher-Assurance OpenID Connect IDP
  • Choose Trust Relationships Carefully
  • Evaluate Accepting Social Logins to Consumer Web Applications
  • Avoid Creating Shadow Accounts If Possible

The Details

  • OAuth 2.0
  • OpenID Connect
  • Adoption

Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
