As an enterprise integration platform and API-oriented backend application server, Zato 3.0 ships with Single Sign-On (SSO) and User Management APIs whose many features are detailed in this blog post:
- No need to maintain one's own user database
- Everything is API-based: user creation, updates, logging in, logging out, checking access, creating sessions, validating sessions, search; there is an API call for everything
- Strong encryption and safe data storage assist in achieving compliance with regulations such as HIPAA or the EU GDPR
- APIs exist for both REST and Python calls, which means that everything is also available to user-based services communicating through additional protocols, such as AMQP, WebSockets, ZeroMQ, IBM MQ or any other that Zato supports
- Comes with a built-in workflow for user signup, including user approval and welcome messages; just fill in the email templates
- Personally Identifiable Information (PII) can be optionally encrypted and decrypted without any programming needed
- Both users and their sessions can be given arbitrary key/value tags, also optionally encrypted and decrypted on the fly
- Users can be required to log in from selected applications only
- Users can be required to access APIs from selected IP addresses only
- PBKDF2 parameters can be easily fine-tuned in each environment separately
- Configurable warnings of an approaching password expiry
- Password strength enforcement, including length checks and blacklisting of the most commonly used passwords
- An audit log keeps track of who accesses personal information and for what purpose
- Clearly defined roles: regular users and admins (super-users)
- Convenient command line tools for scripted management of user accounts, including typical tasks such as resetting a user's password or locking and unlocking an account
- Extensive documentation covering the functionality, including dozens of REST and Python examples
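Two of the items above, per-environment PBKDF2 tuning and password strength enforcement, are worth seeing in working form. The following is an added example written for this post, not Zato's own code or configuration: the `PBKDF2Config` class, the `COMMON_PASSWORDS` blacklist and the `MIN_LENGTH` value are hypothetical stand-ins for whatever an environment's real settings are. It shows why the PBKDF2 parameters belong in a per-environment record stored alongside each hash: a production deployment can raise the iteration count later, and existing records still verify and can be flagged for re-hashing on next login.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


# Hypothetical per-environment PBKDF2 settings (not Zato's configuration keys).
# Keeping them in one record lets production raise the cost without code changes.
@dataclass(frozen=True)
class PBKDF2Config:
    iterations: int = 600_000   # tune per environment; higher is slower for attackers and users alike
    salt_len: int = 16          # random salt length in bytes
    dklen: int = 32             # derived key length in bytes
    hash_name: str = 'sha256'


# Constructed blacklist with a handful of the most commonly used passwords;
# a real deployment would load a much longer list.
COMMON_PASSWORDS = frozenset({
    'password', '123456', '12345678', 'qwerty', 'letmein', 'admin',
})

MIN_LENGTH = 12  # hypothetical minimum length policy


def password_problems(password: str) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f'shorter than {MIN_LENGTH} characters')
    if password.lower() in COMMON_PASSWORDS:
        problems.append('is on the list of most commonly used passwords')
    return problems


def hash_password(password: str, config: PBKDF2Config = PBKDF2Config()) -> str:
    """Hash with a fresh random salt; algorithm, iterations and salt are stored
    beside the derived key so the parameters can be raised later."""
    salt = os.urandom(config.salt_len)
    dk = hashlib.pbkdf2_hmac(config.hash_name, password.encode('utf-8'), salt,
                             config.iterations, dklen=config.dklen)
    return f'pbkdf2_{config.hash_name}${config.iterations}${salt.hex()}${dk.hex()}'


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key using the parameters recorded in the stored value
    and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split('$')
    hash_name = algo.split('_', 1)[1]
    salt = bytes.fromhex(salt_hex)
    expected = bytes.fromhex(dk_hex)
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode('utf-8'), salt,
                             int(iterations), dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def stored_iterations(stored: str) -> int:
    """Iteration count recorded with a stored hash."""
    return int(stored.split('$')[1])


def needs_rehash(stored: str, config: PBKDF2Config = PBKDF2Config()) -> bool:
    """True when the environment's current setting is stronger than the one used
    for this record, so the hash should be regenerated after a successful login."""
    return stored_iterations(stored) < config.iterations


if __name__ == '__main__':
    candidate = 'correct horse battery staple'
    print('policy problems:', password_problems('password'))
    record = hash_password(candidate, PBKDF2Config(iterations=1000))
    print('verifies:', verify_password(candidate, record))
    print('needs rehash under default config:', needs_rehash(record))
```

The strength check runs before any hashing, so a rejected password never reaches the database, and `needs_rehash` is what makes the "fine-tune in each environment" promise safe to act on: raising the iteration count does not lock anyone out, it only schedules a stronger hash on the user's next successful login.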
The functionality is a major addition to Zato in version 3.0 and can be expected to expand with each new release, including support for additional authentication methods and interoperability with existing authentication protocols, yet in its initial form it can already handle a lot of use-cases and processes.
In particular, if you are creating applications that would not otherwise need a full server nor a database, e.g. single-page apps or mobile ones, be sure to check the new APIs out!