Identity provider

From Wikipedia, the free encyclopedia

An identity provider (abbreviated IdP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network.[1][2]

Identity providers offer user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.

An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites.”[3] SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface.

Types of identity providers

SAML identity provider

The Security Assertion Markup Language (SAML) is a set of profiles for exchanging authentication and authorization data across security domains. In the SAML domain model, an identity provider is a special type of authentication authority. Specifically, a SAML identity provider is a system entity that issues authentication assertions in conjunction with an SSO profile of SAML. A relying party that consumes these authentication assertions is called a SAML service provider.

OpenID provider

OpenID Connect (OIDC) is an identity layer on top of OAuth. In the domain model associated with OIDC, an identity provider is a special type of OAuth 2.0 authorization server. Specifically, a system entity called an OpenID Provider issues JSON-formatted identity tokens to OIDC relying parties via a RESTful HTTP API.

Examples of IdPs

  • Okta: named a Leader in the Gartner Magic Quadrant for Access Management.[4] Only independent and neutral IAM with FedRAMP Authorization.[citation needed] Single sign-on (SSO), adaptive multi-factor authentication, provisioning, secure server access (Zero Trust), API access. Provides a highly scalable, always-on service for organizations of all sizes.
  • OneLogin: enterprise-class IdP.[citation needed] On-prem, hybrid and cloud solutions. Single sign-on, multi-factor authentication, password reset, provisioning and adaptive authentication.
  • Hitachi ID Password Manager: on-prem and cloud-based IdP (and SP) for enterprise. The IdP is SAMLv2; the SP can also do OAuth. Various authentication options and combinations available.
  • Ping Identity: on-prem, hybrid and cloud-based IdP (and SP) for enterprise; standards-based OIDC/SAML/OAuth solution.
  • SecureAuth Identity: on-prem and cloud-based IdP (and SP) for enterprise; adaptive authentication.
  • Cierge: open source; provides email-based OIDC passwordless authentication.
  • Keycloak: open source, Java-based OIDC/SAML IdP.
  • Auth0: commercial OIDC IdP.
  • Gluu: commercial OIDC/SAML IdP.
  • miniOrange: on-premise and cloud-based IdP (and SAML SP) for enterprise; SAML/OAuth.
  • ForgeRock: on-prem, hybrid and cloud-based IdP; OIDC/SAML/OAuth/UMA; intelligent authentication.
  • Onegini: on-premise and cloud-based IdP; OIDC/SAML/OAuth.
  • iWelcome: cloud-based IdP; OIDC/SAML/OAuth.
  • SAASPASS: enterprise-class IdP with on-prem, hybrid and cloud solutions. Single sign-on (SSO), OIDC/SAML/OAuth, adaptive multi-factor authentication, provisioning, secure server access (Zero Trust), API access. Provides a highly scalable, always-on service for organizations of all sizes.
  • ADFS: on-prem identity provider included as part of Windows Server.

References

  1. IdP (Identity Provider), mit.edu. Retrieved 25 July 2016.
  2. Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, 2005, oasis-open.org. Retrieved 25 July 2016.
  3. Identity Providers and Service Providers, salesforce.com. Retrieved 25 July 2016.
  4. [1], 2018, okta.com. Retrieved 15 April 2019.