"How Identity Brokering Simplifies Access Management" explores how Identity Brokering streamlines user authentication by acting as a bridge between various identity providers and applications. This approach enables seamless access to multiple platforms with a single login, enhancing user experience and reducing administrative overhead. Learn about the benefits, implementation strategies, and how Identity Brokering ensures secure and efficient access management for businesses, making it a crucial component of modern identity and access management solutions.
DATA SHEET
Identity Brokering

A fast and convenient way to connect with multiple Identity Providers and offer several authentication options on your application.

Creating and maintaining a separate digital identity or account for every application is no longer practical for consumers who use numerous applications in their day-to-day life, so they prefer to use a single digital identity across multiple applications for their authentication needs. Businesses, in turn, need to ensure that single sign-on options are available on their applications. These options can be generic (Facebook, Twitter, Amazon, etc.) or business-domain-specific (Salesforce, WordPress, etc.). The parties behind them are known as Identity Providers (IdPs): they own the consumer identities and authenticate consumers on behalf of businesses.

Identity providers are usually protocol-based (SAML, OAuth 2.0 / OpenID Connect, etc.; JWT, which this sheet also lists, is strictly the token format those protocols carry rather than a protocol in its own right). Utilizing multiple identity providers on your application requires you to understand and implement the respective single sign-on (SSO) protocols, which is complicated and time-consuming.

The good news is that you can leave the complexity and implementation time to the Identity Brokering feature of LoginRadius for a quick and straightforward solution. Let's dive into identity brokering and its benefits for you.
What is Identity Brokering

Connecting service providers with different identity providers for their authentication needs via an intermediate service is known as Identity Brokering. The broker is responsible for establishing trust with the external identity providers so that their identities can be used to access the service providers' (businesses') services. LoginRadius acts as the identity broker between the Identity Providers and the Service Providers, and establishes the trust and the authentication process between the two using industry-standard protocols.

The security-relevant consequence is that the broker becomes the trust anchor for every application behind it: each service provider validates tokens from a single issuer (the broker), and the broker in turn validates every IdP's signature, audience and response binding. A weak check at the broker therefore affects all connected service providers at once, which is why the validation steps in the workflow below matter.

© LoginRadius Inc. | Confidential Information 2
Features LoginRadius Offers and Workflow

LoginRadius offers the following Identity Brokering features for businesses:

• Configurable IdP and SP: You can choose from the list of pre-configured IdPs or configure a custom IdP by selecting the supported protocol and providing the required details in the LoginRadius Admin Console. Similarly, you can configure a service provider by choosing the protocol it supports.

• Multiple Protocol Support: LoginRadius supports multiple SSO protocols (SAML, JWT, OAuth) for identity brokering. You can choose and configure the app for any of these protocols to provide single sign-on to application consumers without having to understand or implement the protocol yourself. The LoginRadius SAML broker service works with any SAML identity provider of your choice (for example ADFS, Salesforce, SimpleSAMLphp, Shibboleth).

• SP and IdP Initiated SSO: LoginRadius supports both SP-initiated and IdP-initiated SSO flows with the SAML protocol. In the SP-initiated flow the consumer lands on the service provider, is redirected to the identity provider for authentication, and is sent back to the SP with an authentication response. The familiar "Login with Google" button on an eCommerce website is the same pattern (over OpenID Connect rather than SAML): clicking it redirects you to Google for login or consent, then back to the shop. In the IdP-initiated flow the consumer starts at the identity provider (for example a corporate portal) and is redirected to the service provider with an unsolicited authentication response. Because the receiver has no prior request to bind that response to (no InResponseTo, in SAML terms), IdP-initiated SSO is harder to defend against replayed or injected responses and login CSRF. Prefer SP-initiated flows where the consumer experience allows; where IdP-initiated SSO must be enabled, rely on short assertion lifetimes, one-time-use assertion IDs and strict audience checks.
Once you have configured Identity Brokering with LoginRadius, the SP-initiated SSO workflow runs as follows:

1. The consumer requests a resource at the service provider, which requires authentication.
2. The service provider redirects the consumer to LoginRadius (the identity broker) for authentication.
3. LoginRadius presents the list of configured identity providers to the consumer.
4. The consumer selects the desired identity provider from the list.
5. LoginRadius issues an authentication request to the chosen identity provider and redirects the consumer to the identity provider's login page.
6. The consumer provides credentials, or consent if already logged in to the identity provider, to authenticate with the identity provider.
7. The identity provider sends the authentication response to LoginRadius. It usually contains a security token (the exact form varies with the protocol in use) that establishes trust and authentication.
8. LoginRadius either creates a user or authenticates the existing one, then issues a token for the service provider's use.
9. LoginRadius sends the authentication response (the token) to the service provider.
10. The service provider validates the token and allows the consumer to access the requested resource.
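The ten steps above, as an added example that is not LoginRadius code and does not describe its implementation: a toy Python broker runs the SP-initiated flow end to end and makes the checks that the SP-initiated versus IdP-initiated discussion earlier implies. All endpoints, secrets and user identifiers are hypothetical; the IdP response is a constructed HMAC-signed JSON token standing in for a SAML assertion or OpenID Connect ID token, and the field names (in_response_to, aud, exp) and the Broker, idp_login and sp_consume functions are assumptions made for illustration, not a real protocol binding.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical trust configuration, constructed for this example.
IDP_KEYS = {"https://idp.example.com": b"idp-shared-secret"}  # trusted IdPs (steps 5, 7)
BROKER_KEY = b"broker-signing-secret"                         # signs tokens the broker issues (steps 8, 9)
BROKER_ISSUER = "https://broker.example.com"
TOKEN_TTL = 300  # seconds a broker-issued token stays valid


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims, key):
    """Toy stand-in for a SAML signature or JWS: HMAC-SHA256 over the canonical claims."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def verify(token, key, audience, now):
    """Check signature, intended audience and expiry; raise ValueError on any failure."""
    body, mac = token.split(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(mac)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


class Broker:
    def __init__(self):
        self.pending = {}  # request id -> (idp, sp, started): requests awaiting a response
        self.users = {}    # (issuer, subject) -> local user record, linked at step 8

    def start(self, idp, sp, now):
        """Step 5: record the outstanding request and build the redirect to the chosen IdP."""
        if idp not in IDP_KEYS:
            raise ValueError("unknown identity provider")
        req_id = secrets.token_urlsafe(16)
        self.pending[req_id] = (idp, sp, now)
        return req_id, f"{idp}/sso?request_id={req_id}&broker={BROKER_ISSUER}"

    def finish(self, idp_response, now):
        """Steps 7-9: validate the IdP response, link or create the user, issue the SP token."""
        # The claimed issuer is read unverified only to select the key; an issuer outside
        # the trust list is rejected before any of its claims are used.
        iss = json.loads(_unb64(idp_response.split(".")[0])).get("iss")
        if iss not in IDP_KEYS:
            raise ValueError("untrusted issuer")
        claims = verify(idp_response, IDP_KEYS[iss], BROKER_ISSUER, now)
        # Bind the response to a request this broker actually sent (InResponseTo in SAML
        # terms). pop() makes the id single-use, so replays and unsolicited responses fail.
        entry = self.pending.pop(claims.get("in_response_to"), None)
        if entry is None:
            raise ValueError("unsolicited or replayed response")
        idp, sp, started = entry
        if idp != iss:
            raise ValueError("response came from a different IdP than requested")
        if now - started > TOKEN_TTL:
            raise ValueError("login took too long")
        # Step 8: link on (issuer, subject), never on email, so another IdP account that
        # merely claims the same email address cannot log in as an existing user.
        user = self.users.setdefault((iss, claims["sub"]),
                                     {"id": f"u{len(self.users) + 1}", "email": claims.get("email")})
        # Step 9: issue a token scoped to the SP that started this login.
        return sign({"iss": BROKER_ISSUER, "sub": user["id"], "aud": sp, "exp": now + TOKEN_TTL},
                    BROKER_KEY)


def idp_login(idp, req_id, subject, email, now, key=None):
    """Constructed stand-in for steps 6-7: the IdP authenticates the consumer and signs a response."""
    claims = {"iss": idp, "sub": subject, "email": email, "aud": BROKER_ISSUER,
              "in_response_to": req_id, "exp": now + 60}
    return sign(claims, key or IDP_KEYS[idp])


def sp_consume(token, sp, now):
    """Step 10: the SP checks the broker's token and learns the local user id."""
    return verify(token, BROKER_KEY, sp, now)["sub"]


def rejected(fn):
    """True if the call fails validation; used to show what the broker refuses."""
    try:
        fn()
        return False
    except ValueError:
        return True


def run_flow(now=1_700_000_000):
    """Walk the whole SP-initiated flow once with the hypothetical endpoints above."""
    broker = Broker()
    sp, idp = "https://shop.example.com", "https://idp.example.com"
    req_id, _redirect = broker.start(idp, sp, now)                                 # steps 1-5
    response = idp_login(idp, req_id, "alice-idp-id", "alice@example.com", now)   # steps 6-7
    token = broker.finish(response, now)                                           # steps 8-9
    return broker, response, sp_consume(token, sp, now)                            # step 10
```

run_flow() returns the local user id the SP would accept. The checks that carry the security of the whole arrangement sit in finish(): the issuer must be in the trust list before its key is used; the response must have a valid signature, the broker as its audience, an unexpired lifetime and a request id the broker actually handed out; popping that id makes replays and unsolicited (IdP-initiated-style) responses fail; and users are linked on issuer plus subject, so an email claim alone never selects an account.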
The following is a diagrammatic representation of the above-explained flow among the Consumer, Service Provider, Identity Broker, and Identity Provider:

[Figure: sequence diagram of the SP-initiated flow between User, Service Provider, Identity Broker and Identity Provider, carrying the ten numbered steps listed above: 1 request resource; 2 authentication request; 3 list of identity providers; 4 select identity provider; 5 authentication request; 6 challenge credentials / consent; 7 authentication response; 8 local authentication / identity federation; 9 authentication response; 10 allow access to requested resource.]

The diagram depicts the generic user experience and execution of Identity Brokering. The actual authentication flow for the SSO protocols (SAML, JWT, OAuth, etc.) can vary.
Benefits of using Identity Brokering

• Flexibility: You can easily configure IdPs of your choice, including Google, Facebook, LinkedIn and even custom ones, for application consumers who hold identities with various identity providers. This provides hassle-free social and custom login to your application without having to understand how all of this works.

• Eliminate Complexity: You delegate the SSO requirements to LoginRadius, eliminating the need to understand and implement complex SSO protocols like SAML, OpenID Connect, JWT and OAuth. You only need to know how to call an HTTPS endpoint.

• Verified Digital Identity: You don't need to verify the consumers who authenticate themselves through the configured IdPs yourself; their digital identities have already been verified by the respective IdP. Note that the assurance you inherit is exactly what that IdP provides, and IdPs differ in what they verify (social providers in particular do not all verify email addresses). Link consumer accounts on the IdP's issuer and subject identifier rather than on an email address, and treat an email claim as verified only when the IdP says it is.
Conclusion Identity Brokering has proven beneficial for both businesses and consumers. Businesses get flexibility and verified digital identities, whereas consumers get a seamless authentication experience without worrying about creating and maintaining a new account. Contact Us: sales@loginradius.com LoginRadius is a leading provider of cloud-based Customer Identity and Access Management solutions for mid-to-large sized companies. The LoginRadius solution serves over 3,000 businesses with a monthly reach of over 1 billion users worldwide. ©Copyright, LoginRadius Inc. All Rights Reserved.