Identity-as-a-Service (IDaaS)
Explore Identity-as-a-Service (IDaaS) and its key components such as Directory Services, Federated Services, Single Sign-On (SSO), and Federated Identity Management (FIDM). Learn how IDaaS simplifies user identity management and access control across multiple systems and domains.
Identity-as-a-Service (IDaaS) addresses the challenges of managing user identities and their access rights across many systems, both on-premises and cloud-hosted. It provides a managed store of identity information, together with the services built on that store, so that a user's identity can be established and relied upon during electronic transactions.
Problems Addressed by IDaaS
- Multiple Credentials: Employees must remember a different username and password for each system they use, which in practice encourages password reuse and weak passwords.
- Account Management: When an employee leaves the company, IT staff must find and disable every account tied to that user; any account that is missed remains a live entry point, and the work grows with the number of systems.
IDaaS addresses both problems by managing digital identities in one place and having every connected system defer to it.
Key Components of IDaaS
- Directory Services: Manage and store identity information.
- Federated Services: Enable users to authenticate across different domains.
- Registration: Manage user registration and profile details.
- Authentication Services: Verify user identities.
- Risk and Event Monitoring: Track and analyze security events and risks.
- Single Sign-On (SSO) Services: Allow users to log in once and gain access to multiple systems.
- Identity and Profile Management: Manage user profiles and their access rights.
Single Sign-On (SSO)
Single Sign-On (SSO) simplifies user access by letting users authenticate once and then reach multiple systems without logging in again. A single authentication server performs the authentication on behalf of all connected systems, which themselves never handle the user's password.
SSO Workflow:
- User Login: The user authenticates once to the authentication server with their username and password.
- Ticket Issuance: On success, the authentication server issues the user a ticket: an opaque credential that proves the authentication took place and does not contain the password.
- Ticket Submission: The user presents the ticket to an intranet server instead of logging in to it.
- Ticket Validation: The intranet server forwards the ticket to the authentication server, since only the authentication server can tell whether the ticket is genuine, unexpired, and still tied to an active account.
- Identity Confirmation: The authentication server confirms the user's identity (and any attributes the intranet server needs) to the intranet server. The user's password is never sent to the intranet server.
- Access Management: Because every connected system defers to the authentication server, disabling a departing employee's account there revokes their access to all systems at once. Tickets already issued to that user should be invalidated at the same time, or kept short-lived, so that no connected system keeps honouring them.
The diagram below illustrates how SSO works.
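The workflow above, as an added example that is not code from the original page: a small Python model of one authentication server, two connected intranet servers, and the offboarding step. The account name, password, and server names are constructed for the demonstration. The ticket is a random opaque value held server-side, so an intranet server validates it by asking the authentication server and learns only the user's identity, never the password; disabling the account revokes the ticket everywhere at once.

```python
import hashlib
import hmac
import secrets
import time


class AuthServer:
    """Central authentication server: the only component that sees passwords."""

    def __init__(self, ticket_ttl=300):
        # constructed sample account store: username -> {salt, pw_hash, enabled}
        self._accounts = {}
        # opaque ticket -> (username, expiry); a ticket never carries the password
        self._tickets = {}
        self._ticket_ttl = ticket_ttl

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._accounts[username] = {"salt": salt, "pw_hash": pw_hash, "enabled": True}

    def login(self, username, password):
        """User Login / Ticket Issuance: verify the password once, hand back a ticket."""
        acct = self._accounts.get(username)
        if acct is None or not acct["enabled"]:
            return None
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), acct["salt"], 100_000)
        if not hmac.compare_digest(candidate, acct["pw_hash"]):
            return None
        ticket = secrets.token_urlsafe(32)   # random, opaque, meaningless off this server
        self._tickets[ticket] = (username, time.time() + self._ticket_ttl)
        return ticket

    def validate(self, ticket):
        """Ticket Validation / Identity Confirmation: an intranet server asks who
        presented this ticket. The answer is an identity, never a credential."""
        entry = self._tickets.get(ticket)
        if entry is None:
            return None
        username, expiry = entry
        if time.time() > expiry:
            del self._tickets[ticket]
            return None
        if not self._accounts[username]["enabled"]:
            return None
        return {"user": username}

    def disable_user(self, username):
        """Access Management: one switch revokes access at every connected system."""
        self._accounts[username]["enabled"] = False
        # drop outstanding tickets so nothing keeps honouring them until they expire
        self._tickets = {t: v for t, v in self._tickets.items() if v[0] != username}


class IntranetServer:
    """A connected application: it handles tickets, never passwords."""

    def __init__(self, name, auth_server):
        self.name = name
        self.auth = auth_server

    def request(self, ticket):
        identity = self.auth.validate(ticket)
        if identity is None:
            return (403, f"{self.name}: access denied")
        return (200, f"{self.name}: welcome {identity['user']}")


def demo():
    """Constructed scenario: one login, two systems, then the employee leaves."""
    auth = AuthServer()
    auth.add_user("alice", "correct horse battery staple")   # constructed sample account
    wiki = IntranetServer("wiki", auth)
    hr = IntranetServer("hr-portal", auth)

    assert auth.login("alice", "wrong password") is None
    ticket = auth.login("alice", "correct horse battery staple")
    before = (wiki.request(ticket)[0], hr.request(ticket)[0])       # one login, two systems
    auth.disable_user("alice")                                      # offboarding
    after = (wiki.request(ticket)[0], hr.request(ticket)[0],
             auth.login("alice", "correct horse battery staple"))   # old ticket and new login both fail
    return before, after


if __name__ == "__main__":
    print(demo())
```

Running the file prints `((200, 200), (403, 403, None))`: both systems accept the single ticket, and after the account is disabled neither the existing ticket nor a fresh login works anywhere.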
Federated Identity Management (FIDM)
Federated Identity Management (FIDM) covers the technologies and protocols that let users carry their security credentials across multiple security domains, so that an identity established in one organisation can be trusted by a service in another. It uses protocols such as Security Assertion Markup Language (SAML) to package assertions about a user's identity and attributes and exchange them between an identity provider in one domain and a service provider in another.
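How a federated assertion crosses domains, as an added example that is not taken from the page or from any SAML library: an identity provider in one domain signs an assertion about a user, and a service provider in another domain checks it before trusting the subject it names. The XML uses the SAML 2.0 assertion element names, but the signature is an HMAC over the serialised assertion with a pre-shared federation key, a deliberate stand-in for the XML-DSig signature real SAML uses; the entity IDs, subject, key and timestamps are constructed for the demonstration. The order of checks is the point: untrusted issuer, missing or bad signature, validity window and audience are each rejected before the subject is returned.

```python
import hashlib
import hmac
import secrets
import time
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"   # the real SAML 2.0 assertion namespace
ET.register_namespace("saml", NS)


def q(tag):
    return f"{{{NS}}}{tag}"


def iso(ts):
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))


def canonical_bytes(assertion):
    """Serialise the assertion without its Signature child. Stands in for the
    XML canonicalisation (C14N) that real XML-DSig performs before signing."""
    copy = ET.fromstring(ET.tostring(assertion))
    for sig in copy.findall("Signature"):
        copy.remove(sig)
    return ET.tostring(copy, encoding="utf-8")


class IdentityProvider:
    """Domain A: authenticates the user and signs an assertion about them."""

    def __init__(self, entity_id, federation_key, validity=300):
        self.entity_id = entity_id
        self.key = federation_key   # pre-shared HMAC key standing in for the IdP's signing key
        self.validity = validity

    def issue(self, subject, audience, now=None):
        now = time.time() if now is None else now
        a = ET.Element(q("Assertion"), ID="_" + secrets.token_hex(16),
                       IssueInstant=iso(now), Version="2.0")
        ET.SubElement(a, q("Issuer")).text = self.entity_id
        ET.SubElement(ET.SubElement(a, q("Subject")), q("NameID")).text = subject
        cond = ET.SubElement(a, q("Conditions"), NotBefore=iso(now),
                             NotOnOrAfter=iso(now + self.validity))
        ET.SubElement(ET.SubElement(cond, q("AudienceRestriction")), q("Audience")).text = audience
        mac = hmac.new(self.key, canonical_bytes(a), hashlib.sha256).hexdigest()
        ET.SubElement(a, "Signature").text = mac   # stand-in for the ds:Signature element
        return ET.tostring(a, encoding="utf-8")


class ServiceProvider:
    """Domain B: trusts the IdP's key and never sees the user's password."""

    def __init__(self, entity_id, trusted_issuers):
        self.entity_id = entity_id
        self.trusted = trusted_issuers   # issuer entity id -> federation key

    def consume(self, xml_bytes, now=None):
        """Return the asserted subject, or raise ValueError naming the failed check."""
        now = time.time() if now is None else now
        a = ET.fromstring(xml_bytes)
        issuer = a.findtext(q("Issuer"))
        if issuer not in self.trusted:
            raise ValueError("untrusted issuer")
        sig = a.find("Signature")
        if sig is None:
            raise ValueError("unsigned assertion")
        expected = hmac.new(self.trusted[issuer], canonical_bytes(a), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.text or "", expected):
            raise ValueError("bad signature")
        # Only after the signature checks out is the content worth reading.
        cond = a.find(q("Conditions"))
        if not (cond.get("NotBefore") <= iso(now) < cond.get("NotOnOrAfter")):
            raise ValueError("assertion outside validity window")
        if self.entity_id not in [e.text for e in cond.iter(q("Audience"))]:
            raise ValueError("assertion not addressed to this service")
        return a.findtext(f"{q('Subject')}/{q('NameID')}")


def demo():
    """Constructed scenario: one valid assertion and three that must be rejected."""
    key = secrets.token_bytes(32)   # exchanged out of band when the federation is set up
    idp = IdentityProvider("https://idp.example.org", key)   # hypothetical entity IDs throughout
    sp = ServiceProvider("https://app.example.com", {"https://idp.example.org": key})
    other = ServiceProvider("https://other.example.net", {"https://idp.example.org": key})
    t0 = 1_700_000_000
    msg = idp.issue("alice@example.org", "https://app.example.com", now=t0)
    tampered = msg.replace(b"alice@example.org", b"admin@example.org")
    results = {"valid": sp.consume(msg, now=t0 + 10)}
    for name, attempt in [("tampered", lambda: sp.consume(tampered, now=t0 + 10)),
                          ("expired", lambda: sp.consume(msg, now=t0 + 600)),
                          ("wrong_audience", lambda: other.consume(msg, now=t0 + 10))]:
        try:
            attempt()
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:15s} {outcome}")
```

The valid assertion yields the subject; the edited one fails the signature check, the late one falls outside its validity window, and the one presented to a different service fails the audience check. In production, use a SAML library that implements C14N and XML-DSig properly: the ad hoc serialisation used here as a stand-in is exactly the kind of detail that XML signature wrapping attacks have exploited in real deployments.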
OpenID
OpenID allows users to sign in to many websites with a single account held at an OpenID provider. At the time this was written, providers such as Google, Yahoo!, Flickr, MySpace, and WordPress.com supported OpenID; the original protocol has since been superseded by OpenID Connect, which carries the same idea over OAuth 2.0. For sites that accept it, OpenID offers several benefits:
- Increased Site Conversion Rates: Users are more likely to register or log in when they can use a single account.
- Access to Greater User Profile Content: Unified profiles provide richer user data.
- Fewer Password Issues: Reduces problems related to forgotten passwords.
- Ease of Integration: Simplifies content integration into social networking sites.
The diagram below shows how FIDM and OpenID operate.