Consumer accounts for application provider workloads
You must have a system for authenticating and authorizing the consumer organization's users when they connect to your application workloads through a web app or API. Zero trust best practice requires that you provide proper role-based access control (RBAC) for these users.
You can use App ID to secure your apps, back-end resources, and APIs by using standards-based authentication. App ID makes it easy to add an authentication step to your applications with a few lines of code. You can add email or username, social, or enterprise sign in to your apps with APIs, SDKs, prebuilt UIs, or your own branded UIs.
You can choose between several identity providers. For more information, see Managing authentication. The two most likely options that you would use for IBM Cloud for Financial Services are:
- Security Assertion Markup Language (SAML) - You can create a single sign-on experience for your users by integrating with the consumer's identity provider.
- Cloud Directory - You can maintain your own user registry in the cloud. When a user signs up for your app, they are added to your directory of users. This option gives your users more freedom to manage their own account within your app.
App ID integrations with IBM Cloud services
You can use App ID with other IBM Cloud offerings. For example, if you're using Red Hat OpenShift on IBM Cloud, you can configure Ingress in your cluster to secure your apps at the cluster level. For more details, see Setting up Ingress and the App ID authentication Ingress annotation.
Related controls in IBM Cloud Framework for Financial Services
The following IBM Cloud Framework for Financial Services controls are most related to this guidance. However, in addition to following the guidance here, do your own due diligence to ensure you have met the requirements.
Family | Control |
---|---|
Access Control (AC) | AC-2 Account Management; AC-5 Separation of Duties; AC-6 Least Privilege |
Identification and Authentication (IA) | IA-5 Authenticator Management; IA-5 (1) Authenticator Management \| Password-Based Authentication |