To federate access to external applications, the IdP relies on a single “normalized” source of identity—and coming up with such a global view of users from across a diverse, distributed architecture is no easy task for most large organizations. What you need is some type of integration layer that can also federate your identity sources. This integration layer—really, a smart hub for all your identity stores—feeds your IdP with exactly the right information it needs to enable SSO and secure access across your entire application portfolio, from enterprise to web, cloud, and even mobile or social.
Integrate and orchestrate identity with a federated hub
Why a federated architecture for the hub instead of a simpler centralized repository for identity data? Because centralization is part of what got us into trouble in the first place, adding to the fragmentation of today’s typical identity infrastructure. Most sizable organizations have complex identity systems for a reason, so rather than trying to impose one unique centralized system on top of all this diversity, it’s better to think about a smart integration of all your sources that gives you a rationalized view of the system.
Essentially, we need to “Manage Globally, Act Locally,” creating an intelligent hub with a logical center that respects the periphery. By integrating identity and attributes from across data siloes, the federated identity hub maintains a global list of users that is curated dynamically across all enterprise systems, then maps that data to meet the unique expectations of each consuming application.
With such a hub, your IdP can authenticate against a rational, common view of identity, while each user store maintains autonomy over its own data. Of course, any changes would need to be synchronized automatically, in as close to real-time as possible, so you’re not authorizing access to the disgruntled employee you just fired or blocking executive access when a title changes. By keeping track of all users and their associated identity information, including multiple or overlapping usernames, the hub enables fast, accurate authentication and authorization for all your applications.
Let’s dig a little deeper into the essential capabilities of a federated identity hub:
Step 1: Inventory your current data sources and extract and unify the metadata
The process of creating an identity hub begins with an inventory of your current data sources. Larger organizations often store identity and attributes across an array of repositories, each using different protocols and data models. A smart federated identity system can bridge these diverse systems, extracting the metadata from each source to create a common object model.
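As an added illustration (not from the article or any vendor's product), the Python sketch below correlates two constructed identity sources with different data models and overlapping usernames into one common object model, then maps that global view onto the attribute names a consuming application expects; every source, field name and record here is an assumption.

```python
"""Toy federated identity hub: correlate records from heterogeneous identity sources
into one global view, then project it onto each consuming app's attribute names.
All sources, records and field names are constructed assumptions, not a real schema."""

# Constructed sample sources with different data models (LDAP-style vs. HR DB).
LDAP_SOURCE = [
    {"uid": "jsmith", "mail": "j.smith@example.com", "employeeNumber": "1001", "title": "Engineer"},
    {"uid": "alee", "mail": "a.lee@example.com", "employeeNumber": "1002", "title": "VP Finance"},
]
HR_SOURCE = [
    {"emp_id": "1001", "login": "john.smith", "status": "active", "job_title": "Engineer"},
    {"emp_id": "1002", "login": "a.lee", "status": "terminated", "job_title": "VP Finance"},
]
# Extracted metadata: how each source's native schema maps onto the common model.
SOURCE_SCHEMAS = {
    "ldap": {"key": "employeeNumber", "username": "uid", "email": "mail", "title": "title"},
    "hr": {"key": "emp_id", "username": "login", "title": "job_title", "status": "status"},
}

def build_global_view(sources):
    """Correlate all records on the shared key (employee number) into one normalized
    identity per person. Usernames from every source are kept as aliases; any
    non-active status (e.g. HR 'terminated') wins, so a fired employee is denied
    access as soon as the hub re-syncs."""
    view = {}
    for name, records in sources.items():
        schema = SOURCE_SCHEMAS[name]
        for rec in records:
            key = rec[schema["key"]]
            ident = view.setdefault(key, {"id": key, "aliases": set(), "email": None,
                                          "title": None, "active": True})
            ident["aliases"].add(rec[schema["username"]])
            for attr in ("email", "title"):  # scalar attributes: last source wins
                if attr in schema and rec.get(schema[attr]):
                    ident[attr] = rec[schema[attr]]
            if "status" in schema and rec.get(schema["status"]) != "active":
                ident["active"] = False
    return view

def resolve(view, username):
    """Find a user by any of their overlapping usernames; None if unknown."""
    return next((i for i in view.values() if username in i["aliases"]), None)

def attributes_for_app(view, username, app_mapping):
    """Map the global identity to one consuming app's attribute names (e.g. SAML
    assertion attributes). Unknown or inactive users get None, not a partial record."""
    ident = resolve(view, username)
    if ident is None or not ident["active"]:
        return None
    return {app_attr: ident[hub_attr] for app_attr, hub_attr in app_mapping.items()}
```

Because the HR record's `terminated` status overrides the still-present directory entry, a lookup under either of the fired user's usernames yields no attributes for any application.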