An Identity Provider (IDP) is a service that creates and manages a user's digital identity and the attributes associated with it. An IDP authenticates users on behalf of third-party service providers (websites, web applications, and so on) using those identities.
An IDP lets users bring their own identity to a workspace: they sign up for or log in to a web service or application with an existing set of credentials instead of creating a new set for each service.
A familiar example is Google. The "Sign up with Google" or "Log in with Google" option on a site is Google acting as the Identity Provider for the service being signed up for or logged in to.
The need for an Identity Provider
A service provider can identify a user in one of two ways:
- Direct authentication – validating the username and password against the credentials the service provider itself stores, or
- Indirect authentication – validating an assertion (a signed statement of an authentication decision about the user's identity) presented by an identity provider.
Several user surveys report that more than 80% of users are put off when prompted to create a new account on a website, because it means handing over personal data. That friction affects how users experience and interact with your services.
Identity providers let users log in across multiple platforms and applications with one existing identity (single sign-on, or SSO), which improves the user experience.
What are the security benefits of using an Identity Provider?
Users typically log in to many platforms, and managing a separate credential for each one causes password fatigue. Password fatigue leads to weak passwords, or to the same password being reused across platforms, and both are a security risk.
- Because users need only one set of login credentials for all configured services, the identity provider can enforce a strong authentication policy on that one set.
- Users can enable two-factor authentication (2FA) or adaptive multi-factor authentication (MFA) at the identity provider, and it then protects every connected application.
- Access privileges are allocated and managed centrally per user group, which makes it easier to apply least privilege and to revoke access in one place, reducing the risk of an attacker reaching critical systems.
- The IDP gives authorized users audit reports of authentication events, resource access requests and usage.
Enforcing the same security policies across all platforms and devices a user works from makes security measures quick and easy to manage.
If one set of credentials is compromised, the same credentials reused elsewhere give the attacker access to the user's accounts on other platforms and may lead to a breach. An estimated 81% of data breaches are attributed to weak or stolen passwords. Note that with SSO the IDP credential becomes the single key to every connected application, which is why MFA at the IDP and prompt revocation of IDP sessions matter.
Using an identity provider reduces the risk of a breach caused by password fatigue or a compromised identity, adds further security controls, and simplifies the management of user identities, access and privileges.
How do Identity Providers help users better manage their accounts?
Identity providers let users switch between applications without being prompted to sign in to each one, which removes the need to remember separate login credentials for every application.
Let's take an example:
Say Adam needs to log in to five of his company's in-house applications, hosted on different platforms, for his work. Assuming the company uses an SSO service, Adam's login experience is as follows:
- Adam navigates to one of the five applications and clicks the "Login" button.
- The application redirects Adam to the Identity Provider for authentication.
- As Adam has not yet logged in to the Identity Provider, the IDP prompts him to log in.
- Adam enters valid login credentials; the IDP establishes a session for him and redirects him back to the application with an assertion of his identity, and the application signs him in.
- When Adam now switches to any of the other four applications, each redirects him to the IDP, which recognises his existing session and returns an assertion without prompting for credentials, so he is signed in automatically.
Thus Adam can access all of his office applications with a single set of credentials, without being prompted to log in to each one.
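The flow above, together with the direct-versus-indirect distinction from earlier in the article, as an added example that is not code from the original page: a self-contained Python simulation in which the IDP checks Adam's password directly, keeps an IDP session, and issues signed assertions that each of the five applications validates indirectly. Assumptions: assertions are JSON signed with an HMAC key shared by the IDP and the applications (standing in for the RSA/ECDSA signatures real SAML or OIDC deployments use), the browser is simulated by passing the IDP session cookie around by hand, and the names IdentityProvider, ServiceProvider, sso_walkthrough and misuse_checks are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical shared key (assumption): stands in for the IDP's real signing key pair.
IDP_SIGNING_KEY = b"demo-shared-key-do-not-use-in-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Stores credentials and IDP sessions; issues signed assertions (indirect auth)."""
    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key
        self.users = {}     # username -> (salt, pbkdf2 hash)
        self.sessions = {}  # IDP session cookie -> username

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash(password, salt))

    def login(self, username: str, password: str):
        """Direct credential check at the IDP itself; returns a session cookie or None."""
        rec = self.users.get(username)
        if rec is None or not hmac.compare_digest(rec[1], _hash(password, rec[0])):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = username
        return cookie

    def authorize(self, session_cookie, audience: str):
        """Where a service provider redirects the browser. A live IDP session yields an
        assertion without any prompt; no session yields None (show the login form)."""
        username = self.sessions.get(session_cookie)
        if username is None:
            return None
        now = int(time.time())
        claims = {"sub": username, "aud": audience, "exp": now + 300,
                  "nonce": secrets.token_hex(8)}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64(sig)}"

class ServiceProvider:
    """One of Adam's in-house applications; trusts only assertions it can verify."""
    def __init__(self, name: str, idp_key: bytes):
        self.name, self.idp_key, self.seen_nonces = name, idp_key, set()

    def verify_assertion(self, assertion: str):
        """Check signature, audience, expiry and replay before trusting the claims."""
        body, _, sig = assertion.partition(".")
        expected = hmac.new(self.idp_key, body.encode(), hashlib.sha256).digest()
        if not sig or not hmac.compare_digest(expected, _unb64(sig)):
            return None  # forged or tampered
        claims = json.loads(_unb64(body))
        if claims.get("aud") != self.name:
            return None  # minted for a different application
        if claims.get("exp", 0) < time.time():
            return None  # stale
        if claims["nonce"] in self.seen_nonces:
            return None  # replayed
        self.seen_nonces.add(claims["nonce"])
        return claims["sub"]

def sso_walkthrough(password: str = "correct horse battery staple"):
    """Adam's flow from the article: one login prompt, five applications signed in."""
    idp = IdentityProvider(IDP_SIGNING_KEY)
    idp.register("adam", password)
    apps = [ServiceProvider(f"app{i}", IDP_SIGNING_KEY) for i in range(1, 6)]
    browser_cookie = None  # the browser holds no IDP session cookie yet
    prompts, signed_in = 0, []
    for app in apps:
        assertion = idp.authorize(browser_cookie, app.name)  # app redirects to the IDP
        if assertion is None:                                # no IDP session: prompt
            prompts += 1
            browser_cookie = idp.login("adam", password)
            assertion = idp.authorize(browser_cookie, app.name)
        if app.verify_assertion(assertion) == "adam":        # app validates the assertion
            signed_in.append(app.name)
    return {"prompts": prompts, "signed_in": signed_in}

def misuse_checks():
    """What a service provider must reject: wrong audience, replay, tampering."""
    idp = IdentityProvider(IDP_SIGNING_KEY)
    idp.register("adam", "pw")
    cookie = idp.login("adam", "pw")
    app1, app2 = ServiceProvider("app1", IDP_SIGNING_KEY), ServiceProvider("app2", IDP_SIGNING_KEY)
    a1 = idp.authorize(cookie, "app1")
    forged = _b64(b'{"aud": "app1", "sub": "admin"}') + "." + a1.split(".")[1]
    return {"own_app": app1.verify_assertion(a1),       # 'adam'
            "other_app": app2.verify_assertion(a1),     # None: audience mismatch
            "replay": app1.verify_assertion(a1),        # None: nonce already seen
            "forged": app1.verify_assertion(forged),    # None: signature mismatch
            "bad_password": idp.login("adam", "nope")}  # None: direct check fails
```

sso_walkthrough() reproduces Adam's experience: one password prompt, then five applications signed in off the same IDP session. misuse_checks() shows the checks a relying application must not skip: an assertion minted for app1 is rejected by app2 (audience), presenting the same assertion twice is rejected (replay), and a body with a different subject fails the signature check. Skipping the audience check is what would let an assertion issued for a low-value application be replayed against a critical one.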
Setting up an Identity provider…