Apigee provides integration with external IAM solutions like ForgeRock. Apigee mandates clientId although authorization is delegated

We are exploring Apigee as part of our SSO flow with ForgeRock as the single IAM solution across the enterprise.

Apigee supports adoption of OAuth tokens generated by an external authorization server. In this process it bypasses client_credentials but it does mandate client_id.

This is an awesome feature which very few gateways support, but mandating the client ID is a big management overhead, especially for enterprise users. This means all end users have to be onboarded twice, on ForgeRock as well as Apigee.

1. Why is it designed this way?

2. Is there something already in the pipeline to overcome this management overhead? If not,

3. Is it possible to automatically synchronize these users from ForgeRock to Apigee?
