
What is an Identity Provider (IdP)?

Introduction

An IdP is a trusted system that authenticates users and asserts their verified identity to other applications. It is a necessary component of Single Sign-On (SSO) built on protocols such as OIDC and SAML, where authentication must be secure and centralized.

Using an IdP for authentication therefore removes the need for each application to store and manage user credentials independently, which at enterprise scale can consume large amounts of storage and computing power. IdPs also let organizations enforce additional security policies such as Multi-Factor Authentication (MFA) and conditional or time-based access controls.

Responsibilities of an IdP

  1. Identity authentication
  2. Assertion generation and distribution
  3. Maintaining SSO sessions
  4. Enforcement of centralized access policies

SAML with IdPs

SAML is used primarily for web applications. The IdP authenticates the user and then issues a digitally signed, XML-based SAML assertion, which serves as proof that the user has successfully authenticated. An assertion typically contains authentication details and user identity attributes (email, roles, department, name, etc.).

The browser delivers the assertion to the service provider, which can then validate the signature locally, without a call back to the IdP.

OIDC with IdPs

The IdP issues signed, JSON-based tokens: notably an ID token, and often an access token and a refresh token as well. Each token carries a defined lifetime during which it is valid.

Because OIDC is built on OAuth 2.0, these tokens support scope-based permissions and are designed for API authorization and delegated access. This design also allows more dynamic control of tokens: authorization servers can revoke tokens and apply conditional access policies.
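An ID token with a defined lifetime, issued by the IdP and validated by the client, as an added example that is not code from the original page. It signs with HS256 (HMAC-SHA256, one of the JWS algorithms OIDC permits) over a constructed shared secret so that it runs with the standard library only; production IdPs normally use an asymmetric algorithm such as RS256 with keys published through a JWKS endpoint. Issuer, client ID and secret are placeholders, and the revocation list is a plain set standing in for whatever store the authorization server uses.

```python
"""Issue and validate an OIDC ID token with a fixed lifetime and revocation.

Added example, not code from the original page. It signs with HS256
(HMAC-SHA256, one of the JWS algorithms OIDC permits) over a constructed
shared secret so that it runs with the standard library only; production
IdPs normally use an asymmetric algorithm such as RS256 with keys published
through a JWKS endpoint. Issuer, client ID and secret are placeholders.
"""
import base64
import hashlib
import hmac
import json
import uuid

ISSUER = "https://idp.example.com"                      # placeholder IdP issuer URL
CLIENT_ID = "demo-client-id"                            # placeholder; becomes the 'aud' claim
SECRET = b"constructed-demo-secret-do-not-reuse"        # placeholder HS256 key
DEFAULT_LIFETIME = 300                                  # seconds the ID token stays valid


def b64url(data):
    """JWS uses base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(subject, nonce, now, lifetime=DEFAULT_LIFETIME, key=SECRET):
    """IdP side: mint header.payload.signature for an authenticated user."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": ISSUER, "sub": subject, "aud": CLIENT_ID,
        "iat": now, "exp": now + lifetime,          # defined lifetime
        "nonce": nonce,                              # binds the token to the client's request
        "jti": str(uuid.uuid4()),                    # unique ID so the token can be revoked
    }
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def verify_id_token(token, expected_nonce, now, key=SECRET, revoked=frozenset()):
    """Client side: return (ok, reason, claims); claims is None on failure."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        signature = b64url_decode(s)
    except ValueError:  # covers bad split, bad base64 (binascii.Error) and bad JSON
        return False, "malformed token", None

    # Pin the algorithm the client expects; the token's own header must not
    # choose which verifier runs.
    if header.get("alg") != "HS256":
        return False, "unexpected alg", None
    expected_sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        return False, "bad signature", None

    # Claims are only trustworthy after the signature check above.
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer", None
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        return False, "audience mismatch", None
    if now >= claims.get("exp", 0):
        return False, "token expired", None
    if claims.get("nonce") != expected_nonce:
        return False, "nonce mismatch", None
    if claims.get("jti") in revoked:                 # dynamic control: server-side revocation
        return False, "token revoked", None
    return True, "ok", claims


if __name__ == "__main__":
    import time
    t = int(time.time())
    tok = issue_id_token("alice", "request-nonce-1", t)
    print(verify_id_token(tok, "request-nonce-1", t + 10))
    print(verify_id_token(tok, "request-nonce-1", t + DEFAULT_LIFETIME))   # expired
```

The lifetime check is what gives a token its bounded validity; the jti lookup against a revocation list is the hook through which an authorization server can cut a token off before that lifetime runs out.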

Enterprise 2FA with tap-and-go login plus an integrated password manager. One key for all your passwords. Experience fully automated login and security: faster MFA, auto-OTP, a password manager, and a worry-free workflow with proximity-based privileged access management for Windows 11, 10, 8, 7, VPNs, websites, and desktop applications including MES, EHR, CAD/RMS, and more. Overall, a massive upgrade to security and efficiency.

Download the free Android app.

Proximity-based continuous MFA

Active Directory integration with admin console

Audit traceability for shared computer logins

Automatic OTP on websites for 2FA

Wireless login for desktops, VPNs, web, and software

Lastly, automatically lock all unattended workstations