WSO2 Identity Server vs Key Manager

The table below lists the key differences between WSO2 Identity Server and WSO2 Key Manager, which are bundled in the same package of the API Management product.

The table helps you choose the right product for different project scenarios. In most cases, the default Key Manager is enough for API authentication and authorization. If the application requires permission-based authorization, then Identity Server is necessary.

| Feature | Key Manager | Identity Server |
|---|---|---|
| **API Authentication** | | |
| Basic | x | x |
| API Key | x | x |
| OAuth 2.0 | x | x |
| OpenID Connect | x | x |
| IWA | | x |
| Support MFA (OTP, Token, Mobile Push Notification, Biometrics, ...) | | x |
| Step-up authentication | | x |
| Contextual-based authentication | | x |
| Risk-based authentication (using AI) | | x |
| **API Authorization** | | |
| Role-based access control | x | x |
| Permission Tree | | x |
| XACML 3.0 | | x |
| OAuth2 scopes | | x |
| Adaptive access control (dynamic role injections/mappings) | | x |
| **User Store** | | |
| LDAP | x | x |
| Active Directory | x | x |
| RDBMS | x | x |
| **Identity federation** | | |
| SAML 2.0 | | x |
| OpenID Connect | | x |
| Social Identity Provider (Google, Facebook, ...) | | x |
| **Application SSO** | | |
| OpenID Connect | x | x |
| SAML 2.0 | x | x |
| WS-Federation | | x |
| WS-Trust | | x |
| CAS | | x |
| **User onboarding workflows** | | |
| Admin-initiated user creation with username+password | x | x |
| Self-registration workflow with account confirmation via email | x | x |
| Just-In-Time Provisioning workflow | x | x |
| **Identity Lifecycle Management** | | |
| Account locking for incorrect password attempts | x | x |
| Account lock timeout | x | x |
| **Password Management** | | |
| Self-service password recovery workflow using email | x | x |