Monday, March 25, 2019

Service providers and identity providers

Identity federation standards identify two operational roles in an SSO transaction:

  1. Identity provider (IdP)
  2. Service provider (SP)

An IdP, for example, might be an enterprise that manages accounts for a large number of users who may need secure access to the Web-based applications or services of customers, suppliers, and business partners.

An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.

Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP.

The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.
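The trust relationship described above can be sketched in code. This is an added example, not part of the original post: the entity IDs, key, claim names and function names are constructed, and a shared HMAC key stands in for the IdP signing certificate a real federation standard would use. The SP never sees a password; it only checks that an IdP it has configured as trusted vouches for the user.

```python
import base64, hashlib, hmac, json

# Constructed trust configuration: the SP lists each IdP it federates with.
# Assumption: a shared HMAC key stands in for the IdP's signing certificate.
SP_ENTITY_ID = "https://sp.example/app"
TRUSTED_IDPS = {"https://idp.example/sso": b"constructed-demo-key"}


def idp_issue(issuer, key, user, audience, now, ttl=300):
    """IdP side: after authenticating the user locally, sign a statement about them."""
    claims = {"iss": issuer, "sub": user, "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def sp_accept(token, now):
    """SP side: return the user name if a trusted IdP vouches for it, else None."""
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
        # The issuer only selects which trusted key to verify with;
        # nothing in the claims is believed until the signature checks out.
        key = TRUSTED_IDPS.get(claims["iss"])
    except (ValueError, KeyError, TypeError):
        return None  # malformed token
    if key is None:
        return None  # no trust relationship with this issuer
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None  # not signed by the IdP we trust
    if claims.get("aud") != SP_ENTITY_ID or claims.get("exp", 0) <= now:
        return None  # issued for a different SP, or expired
    return claims.get("sub")


if __name__ == "__main__":
    t0 = 1_000_000  # constructed timestamp
    token = idp_issue("https://idp.example/sso", b"constructed-demo-key",
                      "alice", SP_ENTITY_ID, t0)
    print(sp_accept(token, t0 + 10))
```
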