ACP Overview
Get familiar with the Authorization Control Plane (ACP) product. Learn about its most important concepts, features and capabilities.
What ACP is
Cloudentity ACP is a cutting-edge platform for application and API access control. ACP consolidates the capabilities of a modern OAuth/OIDC server with advanced authorization, governance, consent management, and developer enablement features.
ACP enables modern applications to maintain a Zero Trust Policy by ensuring that contextually aware authorization happens for any API, service, or transaction. It keeps your users and data secure.
Flagship capabilities
Among the features of a modern platform for application and API access control, some ACP capabilities are especially worth highlighting:
- Open Banking / Open Data compliance
  Emerging financial enablement regulations differ among regions of the world. Cloudentity adopted a unique approach to accelerate and navigate between different regional Open Banking standards. The ACP methodology is based on regional Security Profiles that codify the standards implementations and Security Policy Packs that allow users to select the policies that apply to them.
- Fine-grained and externalized Dynamic Authorization for your applications and services
  Use ACP as your authorization provider to protect your APIs and services.
- Native integration with Service Meshes and API Gateways
  Cloudentity ACP delivers an out-of-the-box integration with various Service Meshes, for example, Istio, and API Gateways like Istio, Pyron Authorizer, AWS Gateway, and more.
- Consent and Privacy management enabling Zero Trust for Consumers
  ACP as a service provider gives your users control over their personally identifiable information (PII) with proper granularity. You can enhance the privacy of your users by setting up a proper policy structure that ensures the highest security level possible.
- API discovery
  Aggregate the locations of your web services and web APIs and centralize them in one place to have full control over your API security.
- ACP gives you the freedom to choose your own identity provider. It provides you with enterprise connectors for major cloud IDPs that are SAML/OIDC based. You can also build your own custom non-SAML and non-OIDC integration.
- Classify your APIs, consent actions, or services by using the data classification tags to have more control over your data at the lowest granularity possible.
Where it fits
To fully understand the way Authorization Control Plane operates, you have to know where it fits in the world of dynamic authorization.
ACP acts as a bridge between your authentication provider (for example, Okta, OpenID, SAML) and API-consuming applications. It safeguards your APIs and user data. It provides identity policy automation and authorization governance for the Zero Trust policy between applications, services, users, developers and data.
What it provides
With ACP, Cloudentity provides you with:
- Three deployment types:
  - On-prem with Kubernetes and/or Docker
  - On-prem with Linux packages
  - Hybrid SaaS with ACP running as a service and with a distributed MicroPerimeter authorizer.
- Modern authorization server with:
  - Latest OAuth 2.0/OIDC and related specification support (FAPI, PKCE, and more)
  - Preconfigured workspace templates that enable quick and easy setup for specific configuration patterns. For example, you can instantly create an Open Banking compliant workspace that has all of the required mechanisms and settings already in place.
  - Third-party developer involvement with the developer self-service portal to create and secure applications quickly and efficiently.
  - Ultra-scalable and lightweight performance
- and more!
Read more
You can find a list of ACP features with more details provided on each ACP capability in the Features section of the documentation.
What is next
Now that you know the basics about Authorization Control Plane, you can either proceed to our more detailed documentation or jump into development and get your hands a little dirty by setting up a demo environment. To learn how to do this, see the Quick Start guides.