How does federation work
While I was having a discussion with a partner this week, he pointed out that enterprise single sign-on and federation are being confused much less often these days.

That led me to ask a few people what the difference is, and I found that there is still confusion about the two. So what is federation? SSO is an umbrella term for any time a user can log in to multiple applications while only authenticating once. No password is required for the user to log in to each system.

Because of the trust between the two systems, the target application accepts this token and authenticates the user. The benefit of federation is security and authentication into both on-premises and cloud applications. Enterprise SSO is when the applications all still require that a password be sent to log in, but the software handles storing it, automatically retrieving it for the user, and entering it into the application for an automatic login.

Identity federation occurs when a user chooses to unite distinct service provider and identity provider accounts while retaining the individual account information with each provider.

The user establishes a link that allows the exchange of authentication information between provider accounts. Users can choose to federate any or all identities they might have. After identity federation, when a user successfully authenticates to one of the service providers, access to any of the federated accounts within the circle of trust is allowed without having to reauthenticate. The following figure shows the subjects involved in federation.

A principal can have a defined local identity with more than one provider, and it has the option to federate the local identities. The principal might be an individual user, a group of individuals, a corporation, or a component of the Liberty architecture.

A service provider is a commercial or not-for-profit organization that offers a web-based service such as a news portal, a financial repository, or a retail outlet. An identity provider is a service provider that stores identity profiles and offers incentives to other service providers for the prerogative of federating their user identities. Identity providers might also offer services above and beyond those related to identity profile storage. To support identity federation, all service providers and identity providers must join together into a circle of trust.

A circle of trust must contain at least one identity provider and at least one service provider.
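The two points above, that a service provider accepts a token purely because of its trust relationship with the identity provider, and that only members of the circle of trust take part, can be shown in a small model. This is an added example, not code from the original post or from any Liberty implementation; the provider names, the shared HMAC key and the claim names are all constructed for illustration, and a real deployment would use SAML or OIDC with asymmetric signatures rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed model: the circle of trust is the set of service providers the
# identity provider will issue assertions for. Names and key are hypothetical.
CIRCLE_OF_TRUST = {"news-portal", "retail-outlet"}
IDP_SIGNING_KEY = b"constructed-demo-key-not-for-real-use"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue_token(principal: str, audience: str, now: int, ttl: int = 300) -> str:
    """Identity provider side: the user authenticated once here; the IdP issues
    a signed assertion scoped to one service provider with a short lifetime."""
    if audience not in CIRCLE_OF_TRUST:
        raise ValueError(f"{audience} is not in the circle of trust")
    claims = {"sub": principal, "aud": audience, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def sp_accept_token(token: str, this_sp: str, now: int) -> Optional[str]:
    """Service provider side: no password is sent. The principal is accepted
    only if the assertion is signed by the trusted IdP, addressed to this
    provider, and not expired; otherwise None (reject)."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None  # malformed token
    expected = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None  # signature does not come from the trusted IdP
    claims = json.loads(_unb64(body))
    if claims.get("aud") != this_sp:
        return None  # assertion was issued for a different provider
    if now >= claims.get("exp", 0):
        return None  # stale assertion
    return claims["sub"]
```

The audience check is what keeps a token issued for one provider from being replayed at another member of the circle; the expiry check bounds how long a single authentication stays valid.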
