An Identity Provider (IdP) is a service that creates, stores and manages a user's digital identity and the attributes associated with it. An IdP authenticates users on behalf of third-party service providers (websites, web applications, APIs) and vouches for the result. This lets users bring an existing identity to a new service: they sign up or log in with credentials they already hold instead of creating a fresh username and password for every application.

A familiar example of an Identity Provider is Google. The "Sign up with Google" or "Log in with Google" button on a site is Google acting as the IdP for the service you are signing in to: you authenticate to Google, and Google tells the service who you are, so you can use the service and its resources with your Google account.

Other widely used IdPs include AWS (Amazon Web Services), Microsoft, Facebook and Instagram.


To decide who may access sensitive data, and to log what each person does, a cloud service needs to identify its users and track their digital identities. A cloud service can identify a user in one of two ways:

  1. Direct authentication: the service validates the username and password (and any second factor) against the identities it stores itself, or
  2. Indirect authentication: the service validates an assertion, i.e. a signed statement of an authentication decision about the user's identity, presented to it by an identity provider.

Several user studies report that more than 80% of users are bothered when a website asks them to create a new account, because it means handing over personal data yet again. That friction affects how users experience and interact with your service.

Identity Providers help prevent attackers from impersonating users by keeping user identities and credentials in one securely managed store, which improves security. They also let users log on to multiple platforms and applications with one existing identity (Single Sign-On, or SSO), which improves the user experience.

 

How does Identity Provider work?

Identity providers operate on a simple mechanism. To obtain a digital identity you enrol with information that identifies you, such as a username and password, a second factor, or security questions. Once enrolled, you present those credentials to the IdP to prove that identity, and the IdP grants you access to all the resources you are entitled to, including email and file management systems.

The IdP workflow has three main steps:

Authentication: The user is asked for some form of identification, such as a username and password, a one-time code, or biometric data.

Verification: The identity provider checks that identification against the stored identity (and any additional factors or risk signals), and on success issues an assertion about who the user is to the application that requested it.

Authorization: The user is given access to specific resources based on the privileges and group memberships attached to that identity.

 

What are the security benefits of using an Identity Provider?

Typically, a user logs in to many platforms, and managing a separate set of credentials for each platform or application causes password fatigue. Password fatigue often leads to weak passwords, or the same password reused across platforms, and that is a security risk to every system involved.

  • Identity providers enforce a single, strong authentication policy: users need only one set of credentials for all configured services, so that one set can be held to a high standard.
  • Users can enable 2FA or adaptive MFA for added security.
  • Allocating and managing access privileges by user group reduces the risk of attackers reaching critical systems through an over-privileged account.
  • The IdP gives authorized administrators audit reports of user authentication events, resource access requests and usage.
  • Enterprises can maintain and demonstrate compliance more easily because all access requests and events are recorded in the audit trail (Enterprise SSO).
  • The same security policies are enforced across all platforms and devices a user works from, which makes managing security measures quick and consistent.


If a set of reused credentials is compromised, the attacker can use it to reach the user's accounts on other platforms, which may end in a data breach. An estimated 81% of data breaches involve weak or stolen credentials.

Using an identity provider reduces the risk of a data breach caused by password fatigue or a compromised identity, adds further security measures such as MFA, and makes managing user identities, access and privileges far easier.

 

How do Identity providers help users better manage their accounts?

miniOrange, an Identity Provider, lets users switch between multiple applications without being prompted to sign in to each one, which removes the password fatigue of remembering separate login credentials for every application.

Let’s take an example:

Say Adam needs to log in to 5 of his company's in-house applications, hosted on different platforms, to do his work. Assuming the company uses an SSO service, Adam's login experience is as follows:

  • Adam navigates to one of his 5 applications and clicks the "Login" button.
  • The application redirects Adam's browser to the Identity Provider for authentication.
  • Because Adam has no active session with the Identity Provider yet, the IdP prompts him to log in.
  • Adam enters valid login credentials; the IdP establishes a session, sends an assertion back to the application, and the application signs him in.
  • When Adam now opens any of the other 4 applications, each one redirects him to the IdP, which already has his session, so it returns an assertion straight away and Adam is signed in without being prompted for credentials.

Thus, Adam can access all of his office applications, without being prompted to login-in for each application, by using a single set of credentials.
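The following is an added example, not code from the original page or from miniOrange. It is a small, self-contained model of both the indirect authentication described earlier (a service validating an assertion issued by the IdP) and Adam's five-application walkthrough above. The IdP, the user store, the shared signing key and the application names are all constructed for the example; a real IdP would sign SAML assertions or OIDC ID tokens with an asymmetric key and publish the public half, but the checks a service provider must perform (signature, issuer, audience, expiry) are the same:

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed example: a shared HMAC key stands in for the IdP's signing key.
IDP_ISSUER = "https://idp.example"          # assumed issuer identifier
IDP_SIGNING_KEY = b"constructed-idp-signing-key"
ASSERTION_TTL = 300                           # assertion lifetime in seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class IdentityProvider:
    """Holds the user store and browser sessions; issues signed assertions."""

    def __init__(self):
        # Constructed user store: username -> (salt, SHA-256(salt || password)).
        salt = secrets.token_bytes(16)
        self._users = {"adam": (salt, hashlib.sha256(salt + b"correct horse").digest())}
        self._sessions = {}        # session cookie -> username
        self.login_prompts = 0     # how often a user had to type credentials

    def login(self, username, password):
        """Direct authentication at the IdP: returns a session cookie or None."""
        self.login_prompts += 1
        rec = self._users.get(username)
        if rec is None:
            return None
        salt, stored = rec
        candidate = hashlib.sha256(salt + password.encode()).digest()
        if not hmac.compare_digest(stored, candidate):
            return None
        cookie = secrets.token_urlsafe(16)
        self._sessions[cookie] = username
        return cookie

    def issue_assertion(self, session_cookie, audience, now=None):
        """Returns a signed assertion for an existing IdP session, or None
        when there is no session (the caller must prompt for login)."""
        user = self._sessions.get(session_cookie)
        if user is None:
            return None
        now = now or int(time.time())
        claims = {"iss": IDP_ISSUER, "sub": user, "aud": audience,
                  "iat": now, "exp": now + ASSERTION_TTL}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64(sig)}"


class ServiceProvider:
    """An application that trusts IDP_ISSUER and accepts assertions only for itself."""

    def __init__(self, app_id):
        self.app_id = app_id

    def validate_assertion(self, token, now=None):
        """Indirect authentication: verify signature, issuer, audience and expiry.
        Returns the asserted subject, or raises ValueError."""
        try:
            body, sig = token.split(".")
        except ValueError:
            raise ValueError("malformed assertion")
        expected = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise ValueError("bad signature")          # check signature first
        claims = json.loads(_unb64(body))
        if claims.get("iss") != IDP_ISSUER:
            raise ValueError("untrusted issuer")
        if claims.get("aud") != self.app_id:
            raise ValueError("assertion issued for a different application")
        if (now or int(time.time())) >= claims.get("exp", 0):
            raise ValueError("assertion expired")
        return claims["sub"]


def sso_walkthrough(apps=("hr", "wiki", "ci", "mail", "tickets")):
    """Adam visits five constructed apps; he is prompted for credentials once."""
    idp = IdentityProvider()
    cookie = None
    signed_in = []
    for app in apps:
        sp = ServiceProvider(app)
        assertion = idp.issue_assertion(cookie, app)   # app redirects to the IdP
        if assertion is None:                          # no IdP session yet: prompt
            cookie = idp.login("adam", "correct horse")
            assertion = idp.issue_assertion(cookie, app)
        signed_in.append(sp.validate_assertion(assertion))  # app consumes assertion
    return {"prompts": idp.login_prompts, "signed_in": signed_in}
```

Two design points worth noting. The signature is checked before any claim is read, so a forged or tampered body is rejected before it can influence the issuer or audience comparison. And the audience check is what stops an assertion issued for the HR app from being replayed against the wiki: each application accepts only assertions minted for its own identifier, even though every one of them trusts the same IdP.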

 

[Figure: IdP Workflow]

 

With a library of 5000+ pre-integrated apps and support for the common SSO protocols, the miniOrange IdP solution makes setting up an identity provider straightforward.

The solution can act as an identity provider itself, and can also be used as an identity broker that connects multiple upstream identity providers (such as Okta or Azure AD) to multiple service providers.

 



 

 
