User Federation

Overview

IgniteConnex Identity has built-in support to connect to existing LDAP or Active Directory servers. You can also implement your own provider if you have users in other stores, such as a relational database.

IgniteConnex Identity can store and manage users. Often, companies already have LDAP or Active Directory services that store user and credential information. You can point IgniteConnex Identity to validate credentials from those external stores and pull in identity information.

What is User Federation?

Federated Identity Management is a sub-discipline of IAM, but typically the same team(s) are involved in supporting it. Federation is a type of SSO in which the actors span multiple organizations and security domains.

From the WS-Federation spec (one of numerous SSO protocols that enable federation) we have, “The goal of federation is to allow security principal identities and attributes to be shared across trust boundaries according to established policies.” This is a good description of federation in general: it involves having common standards and protocols to manage and map user identities between Identity Providers across organizations (and security domains) via trust relationships (usually established via digital signatures, encryption, and PKI). Federation is the trust relationship that exists between these organizations; it is concerned with where the user’s credentials are actually stored and how trusted third parties can authenticate against those credentials without actually seeing them.

The federation relationship can be accomplished through one of several different protocols, including (but not limited to):

  • SAML1.1
  • SAML2
  • WS-Federation
  • OAuth2
  • OpenID Connect
  • WS-Trust
  • Various proprietary protocols