Identity providers

About identity providers

An Identity Provider (IdP), also known as an Identity Assertion Provider, is a system that creates, maintains and manages identity information for principals (users, services, or systems) and provides principal authentication to other service providers (applications) within a federation or distributed network. It is a trusted third party that users and servers rely on when they establish a dialog that must be authenticated. The IdP sends an "attribute assertion" containing trusted information about the user to the service provider.

An IdP is responsible for:

This may be achieved via an authentication module that verifies a security token, which is accepted in place of repeatedly and explicitly authenticating the user within a security realm.

In perimeter authentication, a user needs to be authenticated only once (single sign-on). The user obtains a security token which is then validated by an Identity Assertion Provider for each system that the user needs to access.
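The perimeter model above, as an added illustration that is not U4IDS code: the IdP authenticates the user once and signs an attribute assertion; each service provider then validates the signature, expiry and intended audience before trusting the attributes. The key, service names, user and attributes are constructed for the example; a shared HMAC key stands in for the asymmetric signing key a real IdP would use.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key. A real IdP signs with a private key so that service
# providers can verify assertions without being able to mint their own.
IDP_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(key: bytes, subject: str, attributes: dict,
                    audience: list, ttl: int, now: int) -> str:
    """IdP side: after one interactive login, sign an attribute assertion
    that names the services (audience) it may be presented to."""
    body = {"sub": subject, "attrs": attributes, "aud": audience,
            "iat": now, "exp": now + ttl}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def validate_assertion(key: bytes, token: str, service: str,
                       now: int) -> Optional[dict]:
    """Service-provider side: return the asserted attributes only if the
    token is authentic, unexpired and issued for this service."""
    try:
        payload, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None  # forged or tampered assertion
    body = json.loads(_unb64(payload))
    if now >= body["exp"] or service not in body["aud"]:
        return None  # expired, or not meant for this service
    return body["attrs"]
```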

An example is a website that allows users to log in with Facebook credentials, with Facebook acting as the identity provider. Facebook verifies that the user is an authorized user and returns information to the website - for example, username and email address (specific details might vary). Similarly, if a site allows login with Google or Twitter credentials, then Google and Twitter act as identity providers.

Supported protocols and external IdPs

There are multiple protocols an IdP could support. The list of supported protocols of Unit4 Identity Services (U4IDS) includes:

See Identity protocols for more information.

U4IDS supports all third-party IdPs that fully support any of the protocols mentioned. They include: