Abstract: A caching framework for a multi-tenant cloud-based system includes a plurality of microservices, a global cache that implements a global namespace, and a plurality of tenant caches, each tenant cache corresponding to a different tenant of the multi-tenant cloud-based system. The framework further includes a common module corresponding to each of the microservices and comprising a cache application programming interface (API), and a cache module comprising a service provider interface (SPI) adapted to connect to a distributed remote cache.

Abstract: One embodiment provides declarative policy management in a multi-tenant cloud-based identity and access management (“IAM”) system. The embodiment receives at least one Application Programming Interface (“API”) request by a policy engine of the multi-tenant cloud-based IAM system from a tenant of the multi-tenant cloud-based IAM system. The embodiment configures a declarative policy for the tenant of the multi-tenant cloud-based IAM system based on the at least one API request. The embodiment then enforces the declarative policy in an IAM service performed for the tenant of the multi-tenant cloud-based IAM system.

Abstract: One embodiment performs policy evaluation in a multi-tenant cloud-based identity and access management (“IAM”) system. The embodiment receives a request for an IAM service for a tenant of the multi-tenant cloud-based IAM system, and determines an applicable policy associated with the IAM service. The embodiment determines a policy expression of the applicable policy, where the policy expression includes a reference to an attribute value, and where the reference either includes a function or includes an application programming interface (“API”) of an attribute retriever class. The embodiment obtains the attribute value by invoking the function or by invoking the API of the attribute retriever class. The embodiment evaluates the applicable policy at run-time using at least the obtained attribute value, and performs the IAM service based on the result of the evaluating of the policy.

Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for a resource, authenticates the request, and accesses a microservice based on the request. The system determines, by the microservice, whether the resource is cached in a near cache or in a remote cache, retrieves the resource from the near cache or from the remote cache when the resource is cached, and calls an administration microservice to obtain the resource when the resource is not cached. The system then provides the resource to the client.

Abstract: A caching framework for a multi-tenant cloud-based system includes a plurality of microservices, a global cache that implements a global namespace, and a plurality of tenant caches, each tenant cache corresponding to a different tenant of the multi-tenant cloud-based system. The framework further includes a common module corresponding to each of the microservices and comprising a cache application programming interface (API), and a cache module comprising a service provider interface (SPI) adapted to connect to a distributed remote cache.

Abstract: A system manages tenant application updates in a multi-tenant cloud-based identity and access management (IAM) system by defining one or more application templates; creating one or more applications for one or more tenants of the multi-tenant cloud-based IAM system using the one or more application templates; applying a change to at least one of the one or more application templates; determining whether the one or more applications need to be updated in an automatic mode, a semi-automatic mode, or a manual mode, to incorporate the change; and updating at least one of the one or more applications in an applicable one of the automatic mode, the semi-automatic mode, or the manual mode, based on the outcome of the determining.

Abstract: A system manages tenant application updates in a multi-tenant cloud-based identity and access management (IAM) system by defining one or more application templates; creating one or more applications for one or more tenants of the multi-tenant cloud-based IAM system using the one or more application templates; applying a change to at least one of the one or more application templates; determining whether the one or more applications need to be updated in an automatic mode, a semi-automatic mode, or a manual mode, to incorporate the change; and updating at least one of the one or more applications in an applicable one of the automatic mode, the semi-automatic mode, or the manual mode, based on the outcome of the determining.

Abstract: One embodiment performs policy evaluation in a multi-tenant cloud-based identity and access management (“IAM”) system. The embodiment receives a request for an IAM service for a tenant of the multi-tenant cloud-based IAM system, and determines an applicable policy associated with the IAM service. The embodiment determines a policy expression of the applicable policy, where the policy expression includes a reference to an attribute value, and where the reference either includes a function or includes an application programming interface (“API”) of an attribute retriever class. The embodiment obtains the attribute value by invoking the function or by invoking the API of the attribute retriever class. The embodiment evaluates the applicable policy at run-time using at least the obtained attribute value, and performs the IAM service based on the result of the evaluating of the policy.

Abstract: One embodiment provides declarative policy management in a multi-tenant cloud-based identity and access management (“IAM”) system. The embodiment receives at least one Application Programming Interface (“API”) request by a policy engine of the multi-tenant cloud-based IAM system from a tenant of the multi-tenant cloud-based IAM system. The embodiment configures a declarative policy for the tenant of the multi-tenant cloud-based IAM system based on the at least one API request. The embodiment then enforces the declarative policy in an IAM service performed for the tenant of the multi-tenant cloud-based IAM system.

Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for a resource, authenticates the request, and accesses a microservice based on the request. The system determines, by the microservice, whether the resource is cached in a near cache or in a remote cache, retrieves the resource from the near cache or from the remote cache when the resource is cached, and calls an administration microservice to obtain the resource when the resource is not cached. The system then provides the resource to the client.

Abstract: The present disclosure relates generally to techniques for automatically associating one or more access policies with an account. Specifically, these techniques enable one or more access policies to retroactively be associated with an account that is not associated with at least one access policy. By associating an access policy with an account, managing access to one or more resources provided by the account may be automated based on the associated access policy. An identity management system (IDM) system may manage access policies for determining access to resources of target systems. Accounts that are not associated with an access policies may be associated with the access policies governing access to resources identified by those accounts. Access to the resource(s) associated with those accounts may be updated based on the access granted by the access policies which are associated with those accounts.

Abstract: The present disclosure relates generally to techniques for automatically associating one or more access policies with an account. Specifically, these techniques enable one or more access policies to retroactively be associated with an account that is not associated with at least one access policy. By associating an access policy with an account, managing access to one or more resources provided by the account may be automated based on the associated access policy. An identity management system (IDM) system may manage access policies for determining access to resources of target systems. Accounts that are not associated with an access policies may be associated with the access policies governing access to resources identified by those accounts. Access to the resource(s) associated with those accounts may be updated based on the access granted by the access policies which are associated with those accounts.