Design and Implementation of a Cybersecure Multi-Tenant Identity and Access Management Platform Using OpenID Connect
GÜLTEN, FERIDUN CEMRE
2024/2025
Abstract
Identity and Access Management (IAM) plays a crucial role in modern cybersecurity by ensuring secure authentication, authorization, and access control. This thesis presents the design and implementation of a scalable and multi-tenant IAM system developed during my internship at InkwellData, aimed at integrating with the SWaRM application to provide secure identity management for the company’s clients. The system is built using industry-standard authentication protocols, including OAuth 2.0 and OpenID Connect (OIDC), enabling robust token-based authentication and authorization. It supports both traditional login mechanisms and external authentication via Google Sign-In, ensuring security while enhancing user experience.

A key feature of this IAM system is its multi-tenancy architecture, which allows multiple organizations (tenants) to operate within a shared platform while maintaining complete data isolation and independent access control policies. The system provides dedicated APIs for tenant management, enabling organizations to define their users, roles, and permissions autonomously.

Beyond authentication and tenant isolation, the system incorporates a structured authorization flow, secure client registration, and an extensible user information endpoint. The platform is designed with scalability and extensibility in mind, ensuring seamless integration with client applications via RESTful APIs. Future enhancements, such as multi-factor authentication (MFA) and integration with enterprise identity providers (e.g., Azure AD, Okta), will further strengthen security and adaptability.

By implementing a robust, multi-tenant IAM system, this thesis contributes to advancing identity management solutions, particularly for SaaS applications requiring scalable, secure, and flexible authentication. The findings and design principles presented serve as a valuable reference for organizations seeking to enhance their identity management strategies.

| File | Size | Format |
|---|---|---|
| Gulten_FeridunCemre.pdf (open access) | 2.56 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/84355