Merge pull request #4836 from himeshsiriwardana/devrel-concept-docs
himeshsiriwardana authored Nov 6, 2024
2 parents 51c3330 + 11145aa commit b162b51
Showing 28 changed files with 247 additions and 10 deletions.
1 change: 1 addition & 0 deletions en/asgardeo/docs/concepts/api-security.md
@@ -0,0 +1 @@
{% include "../../../includes/concepts/api-security.md" %}
1 change: 1 addition & 0 deletions en/asgardeo/docs/concepts/customer-iam.md
@@ -0,0 +1 @@
{% include "../../../includes/concepts/customer-iam.md" %}
1 change: 1 addition & 0 deletions en/asgardeo/docs/concepts/workforce-iam.md
@@ -0,0 +1 @@
{% include "../../../includes/concepts/workforce-iam.md" %}
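Review bot: the Asgardeo tree receives only api-security, customer-iam and workforce-iam, while both identity-server trees below also receive add-login, basic-concepts and index; confirm the narrower set is intentional (for example because Asgardeo already has those pages) rather than an omission. Also, the include targets en/includes/concepts/customer-iam.md and en/includes/concepts/workforce-iam.md are not among the files rendered on this page; verify both are present in the PR, since a missing include target fails the docs build for every tree that references it.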
1 change: 1 addition & 0 deletions en/identity-server/7.0.0/docs/concepts/add-login.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/add-login.md" %}
1 change: 1 addition & 0 deletions en/identity-server/7.0.0/docs/concepts/api-security.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/api-security.md" %}
1 change: 1 addition & 0 deletions en/identity-server/7.0.0/docs/concepts/basic-concepts.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/basic-concepts.md" %}
1 change: 1 addition & 0 deletions en/identity-server/7.0.0/docs/concepts/customer-iam.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/customer-iam.md" %}
1 change: 1 addition & 0 deletions en/identity-server/7.0.0/docs/concepts/index.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/index.md" %}
1 change: 1 addition & 0 deletions en/identity-server/7.0.0/docs/concepts/workforce-iam.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/workforce-iam.md" %}
1 change: 1 addition & 0 deletions en/identity-server/next/docs/concepts/add-login.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/add-login.md" %}
1 change: 1 addition & 0 deletions en/identity-server/next/docs/concepts/api-security.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/api-security.md" %}
1 change: 1 addition & 0 deletions en/identity-server/next/docs/concepts/basic-concepts.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/basic-concepts.md" %}
1 change: 1 addition & 0 deletions en/identity-server/next/docs/concepts/customer-iam.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/customer-iam.md" %}
1 change: 1 addition & 0 deletions en/identity-server/next/docs/concepts/index.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/index.md" %}
1 change: 1 addition & 0 deletions en/identity-server/next/docs/concepts/workforce-iam.md
@@ -0,0 +1 @@
{% include "../../../../includes/concepts/workforce-iam.md" %}
18 changes: 9 additions & 9 deletions en/includes/concepts/add-login.md
Expand Up @@ -15,22 +15,22 @@ You also need to consider enabling sign-up and sign-in options through popular s

## Add user login

Add user login to your application by simply integrating the right Asgardeo SDK as per your application development technology. Asgardeo SDKs provide you with the necessary components and utilities to easily add user login into your application, manage tokens and maintain authentication state.
Add user login to your application by simply integrating the right {{product_name}} SDK as per your application development technology. {{product_name}} SDKs provide you with the necessary components and utilities to easily add user login into your application, manage tokens and maintain authentication state.

Behind the scenes, Asgardeo SDKs use the OpenID Connect protocol to handle login requests with Asgardeo. When a user attempts to log in, they are redirected to Asgardeo for login. Once the user is authenticated, the application receives an OpenID Connect ID token, which includes the user's information and metadata. Asgardeo SDKs simplify the complexities of OpenID request-response flows and token processing, and enable security best practices such as token validation and the PKCE extension by default.
Behind the scenes, {{product_name}} SDKs use the OpenID Connect protocol to handle login requests with {{product_name}}. When a user attempts to log in, they are redirected to {{product_name}} for login. Once the user is authenticated, the application receives an OpenID Connect ID token, which includes the user's information and metadata. {{product_name}} SDKs simplify the complexities of OpenID request-response flows and token processing, and enable security best practices such as token validation and the PKCE extension by default.

![Asgardeo SDK]({{base_path}}/assets/img/concepts/asgardeo-sdk.png){: width="700"}

Explore all the supported application development technologies, SDKs and quick start guides in the [documentation]({{base_path}}/integrations/).

!!! tip

- By default, Asgardeo SDKs redirect users to Asgardeo using HTTP redirects. However, if you prefer to create your own login screen within the application, you can still integrate Asgardeo for user login using the Asgardeo Login API.
- By default, {{product_name}} SDKs redirect users to {{product_name}} using HTTP redirects. However, if you prefer to create your own login screen within the application, you can still integrate {{product_name}} for user login using the {{product_name}} Login API.

- In addition to OpenID Connect, you can also use SAML 2.0 to integrate your application with Asgardeo for user login.
- In addition to OpenID Connect, you can also use SAML 2.0 to integrate your application with {{product_name}} for user login.


Asgardeo automatically configures a default login flow for you to get started. You can design your desired login flow by adding social providers or MFA options using Asgardeo's visual login flow designer, where you can drag and drop the required elements.
{{product_name}} automatically configures a default login flow for you to get started. You can design your desired login flow by adding social providers or MFA options using {{product_name}}'s visual login flow designer, where you can drag and drop the required elements.

![Add login flow]({{base_path}}/assets/img/concepts/login-flow.png)

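Review bot: the parameterisation is incomplete in this hunk. The image line `![Asgardeo SDK]({{base_path}}/assets/img/concepts/asgardeo-sdk.png)` keeps a product-specific alt text and file name, and the unchanged context lines `Explore all the supported application development technologies, SDKs and quick start guides in the [documentation]({{base_path}}/integrations/).` and `using the {{product_name}} Login API` assume an `integrations/` path and a "Login API" product name; since this include is now rendered under en/identity-server/7.0.0 and en/identity-server/next as well, confirm that the link target, the image asset and the API name resolve correctly in those trees, or parameterise them too.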
Expand All @@ -41,17 +41,17 @@ Alternatively, you can use the Login Flow AI feature to generate the desired log

## On-board users

Allow users to self-onboard to your application, either directly or via social and partner platforms. You can utilize customizable user onboarding portal components from Asgardeo, or use Asgardeo's user onboarding APIs. Additionally, connect existing on-premise AD and LDAP user directories using the remote user store agent.
Allow users to self-onboard to your application, either directly or via social and partner platforms. You can utilize customizable user onboarding portal components from {{product_name}}, or use {{product_name}}'s user onboarding APIs. Additionally, connect existing on-premise AD and LDAP user directories using the remote user store agent.


![Onboard users]({{base_path}}/assets/img/concepts/asgardeo-user-stores.png)

Asgardeo offers a user self-onboarding portal component that can be seamlessly integrated with your applications and allows you to customize the onboarding experience and branding. For greater flexibility and control, you can use the Asgardeo user onboarding API to integrate with your application's specific onboarding workflows.
{{product_name}} offers a user self-onboarding portal component that can be seamlessly integrated with your applications and allows you to customize the onboarding experience and branding. For greater flexibility and control, you can use the {{product_name}} user onboarding API to integrate with your application's specific onboarding workflows.


## Add self-care account management features

Let your users self-manage their profiles, protect their accounts, and handle recovery on their own. Asgardeo offers all the required self-management features for your application out-of-the-box. Your application can be integrated with Asgardeo user self-care portal components with your own branding. Alternatively, you can integrate Asgardeo’s self-management capabilities using the self-care user API to offer app-native experience.
Let your users self-manage their profiles, protect their accounts, and handle recovery on their own. {{product_name}} offers all the required self-management features for your application out-of-the-box. Your application can be integrated with {{product_name}} user self-care portal components with your own branding. Alternatively, you can integrate {{product_name}}’s self-management capabilities using the self-care user API to offer app-native experience.

Add self-manage features for your application users to:

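Review bot: two wording points in this hunk. `Add self-manage features for your application users to:` reads better as "Add self-management features", and `to offer app-native experience` needs an article ("an app-native experience"). As in the previous hunk, the image `asgardeo-user-stores.png` remains product-specific while the surrounding text now uses {{product_name}}; check that the asset exists under each product tree's `assets/img/concepts/` directory.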
Expand All @@ -66,7 +66,7 @@ Add self-manage features for your application users to:
- export their user profile


Protect your application, data and users by enabling security controllers offered by Asgardeo:
Protect your application, data and users by enabling security controllers offered by {{product_name}}:

- conditionally enforcing MFA
- enabling password policies
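Review bot: `security controllers offered by {{product_name}}` should read "security controls"; a controller is a component, whereas MFA enforcement and password policies are controls.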
58 changes: 58 additions & 0 deletions en/includes/concepts/api-security.md
@@ -0,0 +1,58 @@
# API security


The business APIs you deploy, whether used by your internal applications or external partners, must be properly secured and managed. Implementing robust API security is crucial for several reasons. It safeguards sensitive data transmitted via APIs, preventing unauthorized access while ensuring legitimate users have the correct level of access. Moreover, strong API security is vital for maintaining a business’s reputation and customer trust. A single data breach can significantly harm your brand name and erode customer confidence, so preventing cybersecurity incidents not only helps avoid negative media attention but also shows a commitment to protecting user data and privacy. Furthermore, API security ensures compliance with industry-specific regulations such as HIPAA and FAPI.

{{product_name}} can secure your APIs and make sure only authorized applications and authorized users can access the APIs. {{product_name}} can be integrated with your APIs in two approaches:

- **Security Token Service and Authorization Provider** – You can integrate with API gateways such as Azure, AWS, or any OpenID Connect-supported gateway. {{product_name}} will provide OAuth2-based Security Token Service and API authorization based on RBAC (Role-Based Access Control). This option is particularly useful if you are developing and hosting your own APIs without using an API gateway, as you only need to verify the tokens issued by {{product_name}}.

- **OAuth2 Token Service Provider** – You can also integrate {{product_name}} as an Identity Provider (IdP) with existing API management solutions such as WSO2 API Manager, Choreo API Management, or any API management platform that supports OpenID Connect IdP integration. In this scenario, {{product_name}} offers OAuth2-based Security Token Service, while your API management solution handles API authorization. This is the preferred option when you want to use platform-level customer identity or workforce identity provider with all your applications and APIs.

## Define and secure API resources

Define your API resources and associated permissions as scopes in {{product_name}} using the console or API, and attach the authorization policies.

!!! note

Learn more about [supported Authorization policies for APIs and apps]({{base_path}}/references/authorization-policies-for-apps/)

[Define an API using {{product_name}} console]({{base_path}}/guides/authorization/api-authorization/api-authorization/#register-a-business-api)

[Diagram - An API and scope]

## Authorize applications to use APIs

[Authorize applications to consume API resources]({{base_path}}/guides/authorization/api-authorization/api-authorization/#authorize-apps-to-consume-api-resources) and define their access level by assigning a set of scopes.

!!! tip

If your application needs FAPI compliance for API access, {{product_name}} simplifies the process with a one-click, FAPI-compliant option. This feature ensures that all necessary security configurations for FAPI compliance are automatically applied to your app. Learn more about [FAPI-compliant apps]({{base_path}}/guides/applications/register-a-fapi-compliant-app/).


Define application level roles as per your business requirements and assign selected scopes from the previous step. You can create both application-level roles and organizational-level roles. These roles can be assigned to users and user groups so that their access to the API is restricted based on roles.


[Define application-level roles]({{base_path}}/guides/authorization/api-authorization/api-authorization/#create-roles-and-assign-users) based on your business needs, and assign relevant scopes that you selected in the previous step. You can create both application-specific roles and organization-wide roles, which can be applied to users or user groups to ensure access to APIs is restricted and managed according to roles.

## Simplify token generation and verification

Use {{product_name}} SDKs for your preferred web application framework to request access tokens while also managing user sign-ins. {{product_name}} SDKs allow you to request specific scopes, representing different access levels within the APIs. {{product_name}} applies authorization policies to each token request, ensuring that applications only receive the scopes authorized for the current user and app. The SDKs also handle token verification complexities, so you won’t need to write additional code for token processing and verification.
Explore the full range of SDKs supported by {{product_name}}.

Alternatively, you can use any OAuth2/OIDC framework to create token requests and manage tokens on your own.

You can use one of the following methods to verify tokens during the token verification process, typically done at the API gateway level or within the API implementation if no gateway is used:

- **Signature Verification** - Verify the token's signature and validity directly. {{product_name}} provides a JWKS (JSON Web Key Set) endpoint, allowing you to retrieve the public key associated with the private key used for signing. This method doesn't require additional network calls to {{product_name}}, ensuring optimal performance.
- **Token Introspection** - Verify the token's validity and gain additional token details by calling {{product_name}}'s introspection endpoint. While this approach involves extra network calls, it offers additional security, such as checking whether the token has been revoked.

If you are using an API management solution that provides API authorization along with other management capabilities, you can easily integrate {{product_name}} as an identity provider for token generation. This is a common approach when you want to leverage {{product_name}} as the customer or workforce identity provider across applications and APIs.

- [Integrate {{product_name}} with WSO2 APK](https://apk.docs.wso2.com/en/latest/setup/identity-platform/idp/asgardeo-idp/){: target="_blank"}
- [Choreo API Management](https://wso2.com/choreo/docs/administer/configure-an-external-idp/configure-asgardeo-as-an-external-idp/){: target="_blank"}





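Review bot: several items in this new file should be fixed before merge. The placeholder `[Diagram - An API and scope]` is still in the text and needs either the image or removal. The paragraphs beginning `Define application level roles as per your business requirements` and `[Define application-level roles](...)` say the same thing; keep the linked one. `Explore the full range of SDKs supported by {{product_name}}.` has no link. In the intro, FAPI is a security profile published by the OpenID Foundation, not a regulation like HIPAA; suggest "regulations such as HIPAA and security profiles such as FAPI". The first integration bullet opens with gateway integration but then says `This option is particularly useful if you are developing and hosting your own APIs without using an API gateway`, which contradicts itself; split the gateway and no-gateway cases. Under Signature Verification, `This method doesn't require additional network calls` overstates it: the JWKS still has to be fetched (and cached, with refresh on an unknown `kid` to survive key rotation), and a secure verifier must also check issuer, audience and expiry, not only the signature; suggest "requires no per-request call to {{product_name}}" and a sentence on claim validation, which also makes the revocation trade-off against introspection clearer. Finally, the two links at the end point at Asgardeo-specific pages (`.../idp/asgardeo-idp/`, `.../configure-asgardeo-as-an-external-idp/`) while the page now renders under identity-server as well; either parameterise them or note they apply to Asgardeo only.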
0 comments on commit b162b51