Gateways & agents

Identity Gateway (IG) integrates your web applications, APIs, and microservices with Advanced Identity Cloud. IG enforces security and access control without modifying your applications or the containers where they run—whether on premises, in a public cloud, or in a private cloud.

Based on reverse proxy architecture, IG intercepts client requests and server responses. In this process, IG enforces user or service authentication and authorization to HTTP traffic. Advanced Identity Cloud acts as the authentication and authorization provider.

IG can also conduct deep analysis, then throttle and transform requests and responses when necessary.

See the Identity Gateway Guide for Advanced Identity Cloud for these detailed instructions and examples:

Policy agents are Access Management (AM) add-on components. They operate as policy enforcement points (PEPs) for websites and applications.

Policy agents natively plug into web or applications servers. The agents intercept inbound requests to websites, and interact with AM to:

Use Web Agents to protect services and web resources hosted on a web or proxy server. Use Java Agents to protect resources hosted on application or portal servers.

Although both agents enforce authentication and authorization to protected resources, they differ in the way they derive policy decisions and enforce them.

See these guides for examples of how to transition from on-premises access management to Advanced Identity Cloud without changing the architecture of the agent-based model: