Identity federation standards identify two operational roles in an SSO transaction:
- Identity provider (IdP)
- Service provider (SP)
An IdP, for example, might be an enterprise that manages accounts for a large number of users who may need secure access to the Web-based applications or services of customers, suppliers, and business partners.
An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.
Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP.
The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.
Thanks,
Aditya
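
The trust relationship described in the post above, as an added example that is not part of the original post: the IdP vouches for a user it has authenticated, and the SP accepts that statement only if it comes from an IdP it trusts, is addressed to this SP, and has not expired. The entity IDs, key and function names are constructed, and an HMAC key exchanged at trust setup stands in for the public-key signatures that real federation protocols use, so the example stays within the Python standard library.

```python
import base64, hashlib, hmac, json

# Constructed sample values; entity IDs and key are hypothetical.
IDP_ID = "https://idp.enterprise.example"
SP_ID = "https://sp.saas.example"
IDP_KEY = b"constructed-demo-key-exchanged-at-trust-setup"

def sign(key, payload):
    # Assumption: HMAC stands in for the IdP's public-key signature.
    return hmac.new(key, payload, hashlib.sha256).digest()

def idp_issue_assertion(user, audience, now, ttl=300):
    """IdP side: authenticate the user locally (not shown), then vouch for them."""
    claims = {"iss": IDP_ID, "sub": user, "aud": audience, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    b64 = lambda b: base64.b64encode(b).decode()
    return b64(payload) + "." + b64(sign(IDP_KEY, payload))

class ServiceProvider:
    def __init__(self, entity_id, trusted_idps):
        self.entity_id = entity_id
        self.trusted_idps = trusted_idps  # issuer -> key agreed at trust setup

    def accept(self, assertion, now):
        """Return the asserted user, or raise ValueError. No password reaches the SP."""
        try:
            p64, s64 = assertion.split(".")
            payload = base64.b64decode(p64, validate=True)
            sig = base64.b64decode(s64, validate=True)
            claims = json.loads(payload)
        except ValueError as exc:  # bad base64, bad JSON, wrong part count
            raise ValueError("malformed assertion") from exc
        iss = claims.get("iss") if isinstance(claims, dict) else None
        key = self.trusted_idps.get(iss) if isinstance(iss, str) else None
        if key is None:
            raise ValueError("issuer is not a trusted IdP")
        if not hmac.compare_digest(sig, sign(key, payload)):
            raise ValueError("signature check failed")
        if claims.get("aud") != self.entity_id:
            raise ValueError("assertion was issued for a different SP")
        if now >= claims.get("exp", 0):
            raise ValueError("assertion expired")
        return claims["sub"]

def rejection_reason(sp, assertion, now):
    """Helper for the demo: None if accepted, else the SP's reason."""
    try:
        sp.accept(assertion, now)
        return None
    except ValueError as exc:
        return str(exc)
```

The issuer lookup comes before the signature check because the SP has to know which IdP's key to verify against; the audience and expiry checks then run only on claims whose integrity is already established.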