For several years, identity federation has been an excellent response to two key challenges in web application security. The first is a business challenge: it makes B2B and/or B2C exchanges smoother and overcomes a number of constraints associated with identities and, in particular, authentication mechanisms. The second is a technical challenge: it is increasingly a requirement in Web SSO architectures built on standardised protocols such as SAML, OAuth and OpenID Connect, including for access to SaaS, Cloud and mobile applications.
Identity federation thus offers a comprehensive response in numerous information system (IS) transformation scenarios: the opening-up of the IS to the Cloud and mobility, the digital transformation of companies and implementation of security by design, regulatory compliance, corporate growth (joint ventures, M&A, outsourcing, etc.), IS standardisation and systems architecture upgrades, delegation of authentication to large public or private identity providers, a key element in user satisfaction during web service registration and authentication journeys, etc.
Identity federation, or how to share with complete confidence
Identity federation is a simple tool organisations can use to share information about users, the aim being to enable users to navigate between different services after authenticating just once with a trusted third party which guarantees their identity.
It works by exchanging identity tokens and is based on two founding principles: a reliance on shared, recognised standards such as SAMLv2, OAuth2, OpenID Connect, and WS-Federation; and a separation of responsibilities between Identity Providers (IdP) and Service Providers (SP).
Identity federation allows you to control users' access based on the relationships of trust established, the validity of the presented identity, and authentication with the trusted partner. Users thus access their applications and services totally transparently, without re-authenticating, thanks to the now tried and tested principles of Single Sign-On (SSO).
There are a huge number of implementations and use cases for identity federation, including:
- In finance: open up your IS to partners in total security, make compliance with regulations like PSD2 easier, simplify authentication procedures, and industrialise the connection of services to an identity federation platform.
- In the media: make users' service registration and authentication journeys uniform, and create interfaces with social networks to enable the use of third-party digital identities.
- In retailing and distribution or industry: control connections to Cloud applications like GSuite or O365 and access by any user, whatever their uses and working contexts.
- In the Government sector: ensure simpler relationships between citizens and government agencies by making it easier to register for and access e-services, and offer the use of national identity providers such as those provided via FranceConnect.
Identity federation must therefore be regarded as a key component of a comprehensive IAM strategy!
Discover our Sign&go Global SSO solution, covering all types of applications in all types of architecture.
The benefits of identity federation: standardisation, security, user experience, ROI
There are many advantages to implementing an identity federation solution, which can be broken down into several categories:
1. Systems architecture and standardisation
- Control the openness of your IS and the outsourcing of services
- Define a standard authentication and authorisation platform that is separate from specific implementations
- Roll out the use of standards such as SAMLv2, OAuth2/OpenID Connect and WS-Federation
- Simplify the integration and connection of new applications and make the IS flexible and agile
2. Security
- Benefit from federation standards guaranteeing the security and traceability of accesses in a relationship of trust between partners
- Streamline password management and renewal
- Avoid having to manage “others’ identities” or duplicate your directories in SaaS infrastructures
- Avoid granting outside access to your identity directories
3. User Experience
- Get the benefits of ergonomic Single Sign-On (SSO) for all applications
- Delegate authentication to third-party identity management providers
- Make user service registration and authentication journeys uniform and simple on all channels, whether web or mobile
- Fulfil regulatory requirements
4. Business
- Join the underlying trend towards opening your IS up to the Cloud and third parties: partners, clients, etc.
- Facilitate access to applications in corporate change contexts: restructuring, joint ventures, M&A, spin-offs, etc.
- Facilitate the management of access to shared services within complex organisations or partner networks.