
  • Unified Login Experience: Tenants can provide a unified login experience across their own specific suite of applications and sites. Users authenticate once with their credentials and instantly gain secure access to that tenant's integrated research tools and data repositories without needing separate passwords.
  • Broad Identity Provider Integration: STAR is highly customizable and integrates with a wide array of identity providers to support diverse audiences, including InCommon, ORCID, and Login.gov.
  • One Realm Per Tenant Model: Each onboarded application (or tenant) receives its own dedicated Keycloak authorization realm. Realm administrators have full delegated authority to configure user groups, roles, and authorization profiles within that realm according to their specific audience and access requirements.

  • Standardized Security & Cloud Infrastructure: STAR ensures that individual applications never handle or store passwords directly. Its infrastructure runs natively on AWS and is scaled across multiple availability zones, ensuring it remains highly available to support critical research applications.
  • Protocol Flexibility: STAR supports modern industry-standard authentication protocols, including OIDC (OpenID Connect), SAML 2.0, and OAuth 2.0, making integration straightforward for both cloud-based and on-premises applications.
