About identity providers
An Identity Provider (IdP), also known as an Identity Assertion Provider, is a system that creates, maintains and manages identity information for principals (users, services, or systems) and provides principal authentication to other service providers (applications) within a federation or distributed network. It is a trusted third party that users and servers can rely on when establishing a dialog that must be authenticated. The IdP sends an "attribute assertion" containing trusted information about the user to the service provider.
An IdP is responsible for:
- Providing identifiers for users wanting to interact with a system
- Asserting to such a system that such an identifier presented by a user is known to the provider
- Possibly providing other information about the user that is known to the provider
This may be achieved via an authentication module which verifies a security token that can be accepted as an alternative to repeatedly explicitly authenticating a user within a security realm.
In perimeter authentication, a user needs to be authenticated only once (single sign-on). The user obtains a security token which is then validated by an Identity Assertion Provider for each system that the user needs to access.
An example is a website that lets users log in with Facebook credentials, with Facebook acting as the identity provider. Facebook verifies that the user is an authorized user and returns information to the website - for example, username and email address (specific details might vary). Similarly, if a site allows login with Google or Twitter credentials, then Google and Twitter act as identity providers.
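Added example (not code from the U4IDS documentation): a minimal IdP that issues one signed attribute assertion per service provider after a single login, and the service-provider check that accepts the assertion in place of re-authenticating the user, with the rejections a practitioner should expect (tampered payload, assertion addressed to another system, expired assertion). The token layout, claim names, key and sample values are constructed for this illustration; real SAML and OpenID Connect assertions are signed with the IdP's asymmetric key, so service providers hold only the public part.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. A real IdP signs with an asymmetric key (XML-DSig for
# SAML, RS256/ES256 for OpenID Connect) so SPs hold only the public part.
IDP_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(subject, attributes, audience, now, ttl=300):
    """IdP side: sign an attribute assertion addressed to one service provider."""
    body = {"sub": subject, "aud": audience, "iat": now, "exp": now + ttl, **attributes}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    sig = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(sig)


def validate_assertion(token, expected_audience, now):
    """SP side: accept the assertion instead of re-authenticating the user.
    Raises ValueError naming the failed check; returns the trusted claims."""
    payload, sep, sig = token.partition(".")
    if not sep or not sig:
        raise ValueError("malformed token")
    expected = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):  # signature before parsing
        raise ValueError("bad signature")
    body = json.loads(_unb64(payload))
    if body.get("aud") != expected_audience:  # assertion meant for another SP
        raise ValueError("wrong audience")
    if now >= body.get("exp", 0):  # stale assertion presented again
        raise ValueError("expired")
    return body


if __name__ == "__main__":
    # One login at the IdP, then one assertion per system the user visits (SSO).
    now = 1_700_000_000
    attrs = {"email": "alice@example.test"}
    for app in ("crm", "payroll"):
        claims = validate_assertion(issue_assertion("alice", attrs, app, now), app, now + 5)
        print(app, "accepted", claims["sub"], claims["email"])
```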
Supported protocols and external IdPs
There are multiple protocols an IdP could support. The list of protocols supported by Unit4 Identity Services (U4IDS) includes:
- SAML-P 2.0
- OpenID Connect
- WS-Federation
See Identity protocols for more information.
U4IDS supports all third-party IdPs that fully support any of the protocols mentioned. These include:
- Azure Active Directory (Azure AD) - supports all three types of protocols
- ADFS 2.0 - supports WS-Federation
- Feide - supports SAML-P 2.0
- OKTA - supports all three types of protocols