UNITY is an open-source group, identity, and federation management solution. It can be regarded as an authentication service for web or cloud services, which outsource user authentication to UNITY using various authentication protocols. It also acts as a hub or proxy between identity federations and the web or cloud services.



Features

  • Management of groups and group hierarchies

  • Provides internal authorisation to control access within the groups

  • Registration and user form management to define forms for enrolment of new users along with email notifications, thus supporting “homeless” users

  • Management of attribute consumption and release policies (called translation profiles) in the Web administrator interface, with a sandbox to “live” test authentication and attribute release from the IdPs

  • Attribute schema management to define new types of attributes

  • Supports authentication of users from upstream SAML-, OIDC-, or LDAP-based identity providers, as well as native username/password and X.509 certificates

  • Acts as an OAuth authorisation and resource server to issue access tokens and enables delegated access to user attributes

  • Enables bridging of SAML identity federations

  • Provides backup and restore functionality for the whole server content

  • Allows user interface customisation (or branding) for projects or organisations

  • Different levels of assurance based on the type of identity provider (e.g. institutional, social media provider), but no fine-grained attribute-level support

  • Attribute aggregation / Account linking

  • Unique user identities

  • User-managed identity information through the provided user registration and account forms.

  • Up-to-date identity information (from UNITY v1.8.0)

  • Non-web federated access, but only when UNITY is not used as a proxy IdP, that is, only for the native users of UNITY.

Supported standards

  • SAML2 (IdP and SP)

    • Web SSO Profile

    • SOAP Attribute Query

    • ECP for non-Browser based clients

  • OAuth 2.0 and OIDC

  • X.509

User Interfaces and APIs

  • Separate Web user interfaces for administrators and normal users
  • REST API to query user attributes
  • Java API

Support for Virtual Organisations

  • Hierarchical organization of groups (may be generic enough to be called VOs or virtual communities(?))
  • Design and invocation of group specific registration forms

Dependencies on other technologies

  • Java runtime environment
  • Bundled with an embedded SQL database, but also supports MySQL and PostgreSQL

Operational overview

The UNITY distribution can be downloaded and deployed as a standalone service. It can also be deployed for high availability, but this relies on the replication functionality of the backend SQL database.

Expected level of support
