Section 17.162 Federation Flashcards
Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity.
Objectives 4.6 Given a scenario, you must be able to implement and maintain identity and access management.
Federation
Process that allows for the linking of electronic identities and attributes to store information across multiple distinct identity management systems
■ Enables users to use the same credentials for login across systems managed by different organisations
e.g. partners, suppliers, customers, etc.
Federation Process
Login Initiation
User accesses a service or application and chooses to log in
Federation Process
Redirection to Identity Provider
Service Provider (SP) redirects the user to their Identity Provider (IdP) for authentication
Federation Process
Authentication of the user
● IdP validates the user’s identity using stored credentials
● Validates the user’s identity
Federation Process
Generation of Assertion
IdP creates an assertion (token) with user identity and authentication status in a standardised format
Federation Process
Return to Service Provider
User returns to the original service or application with the assertion from the IdP
Federation Process
Verification and Access
Service Provider verifies the assertion and grants access based on the information it contains
Federation Process
Login Complete
User gains access to the service or application and potentially others within the federation without additional logins
Benefits of Federation
■ Simplified user experience
■ Reduced administrative overhead
■ Increased security through reduced password reuse and improved management