1.4 How Secure API Manager Authentications Work

The users of Secure API Manager are the API developers who create and manage the APIs stored in the API Gateway. There are no separate administration accounts for Secure API Manager. You use your Access Manager administration accounts to deploy and manage Secure API Manager.

When an API developer accesses the Publisher or the Store, Secure API Manager makes a call to the Identity Provider, which is the Identity Server. The Identity Server checks to see if there is an account for the developer in the User Store. If there is, and the account has the proper privileges, Secure API Manager allows the developer access to the Publisher or the Store.

The Access Manager administrators authenticate through the means you have defined to secure access to the Administration Console and the administrator accounts. For more information, see Managing Administrators in the NetIQ Access Manager Appliance 5.0 Administration Guide.

Figure 1-6 User Authentications