
What is Federated Identity? – Guide 2020 – Identity Federation


We get a lot of questions from partners regarding 'federated identity' or 'identity federation', so we thought we'd do a short summary to explain what it is and how you can use it to help your users and your business.

What is Federated Identity?

First of all, we are assuming that you are a software vendor that has an application and users.

The profiles you hold on your users (their first name, last name, gender, email, age, etc.) are held in a database of an Identity Provider (IdP). This IdP, depending on its capabilities, can then speak in one or more 'languages', or more accurately data formats, such as OAuth 2 or SAML 2.

The Identity Provider is responsible for authenticating a user each time he/she tries to log in to an application.

In corporate environments, and within a corporate network, Microsoft's Active Directory is a very common Identity Provider that is responsible for user authentication. In online environments, Google Account can be used as an alternative Identity Provider, and Microsoft also has Azure AD.

However, there are also white-label, cloud-based Identity Providers such as the 10Duke Identity Provider. Regardless of vendor, each Identity Provider is responsible for authenticating the users held in its database.

Example of Federated Identity


Now, suppose that you are an application vendor selling a web application, 'DesignX', for a large corporate customer, 'GlobalCo'.

In order to access DesignX, the employees of GlobalCo have to log in to their corporate network, fire up a web browser, navigate to your URL and then log in to the DesignX application.

They have had to log in twice, which isn't the end of the world, but it is a bit of a pain and potentially insecure as they have to remember two sets of usernames and passwords.

This is where federated identity can help.

To log in to the GlobalCo network, the employee will likely be logging into Active Directory, one type of IdP. To log in to the DesignX application, they would be logging in to another IdP, such as the 10Duke IdP.

What you can do is connect the two Identity Providers, a process called 'federated identity'.

Here the 10Duke Identity Provider would delegate authentication to Active Directory (and an AD add-on called Active Directory Federation Services, but let's skip that for now) and 'trust' that AD has authenticated the employee correctly. It would then allow him/her access to the DesignX application without him/her having to re-enter the username and password for the DesignX application.

In this context, 'federation', 'federated identity', and 'federated identity management' can all be used synonymously.

Federated Identity Management

Federated identity management increases the security of the overall connected systems and simplifies the login process, improving organisational productivity.

In addition to improving the usability of the DesignX application and making it easier for the employee of GlobalCo to access it, identity federation also serves to increase the security of the overall (now connected) systems. This is because there is a single database of usernames and passwords, rather than two.

Provided this first database is adequately and properly secured, the system itself is more secure. Additionally, in this case, AD remains as a single point of user provisioning (and de-provisioning). If an employee leaves GlobalCo and she is removed from AD, she will no longer be able to access the DesignX application.
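The 'trust' and de-provisioning behaviour described above can be made concrete with a short sketch. This is an added example, not 10Duke or Microsoft code: it uses an HMAC-signed JSON assertion as a stand-in for the signed SAML assertion or OIDC token a real federation would exchange. The URLs, key, account and function names are all constructed placeholders.

```python
import base64, hashlib, hmac, json

# Constructed federation settings: URLs, key and account are placeholders.
AUDIENCE = "https://idp.designx.example"        # the relying IdP (vendor side)
UPSTREAM = "https://adfs.globalco.example"      # the customer's IdP
TRUSTED_ISSUERS = {UPSTREAM: b"constructed-demo-key"}
DIRECTORY = {"alice@globalco.example"}          # accounts in the customer's directory

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(user, now, ttl=300, issuer=UPSTREAM, key=TRUSTED_ISSUERS[UPSTREAM]):
    """Upstream IdP: vouch only for accounts that still exist in the directory."""
    if user not in DIRECTORY:
        return None
    claims = {"iss": issuer, "aud": AUDIENCE, "sub": user, "iat": now, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return b64(body) + "." + b64(hmac.new(key, body, hashlib.sha256).digest())

def accept_assertion(token, now):
    """Relying IdP: return (subject, None) if trusted, else (None, reason)."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
    except (ValueError, AttributeError):
        return None, "malformed"
    if not isinstance(claims, dict):
        return None, "malformed"
    iss = claims.get("iss")
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:                              # only configured partners are trusted
        return None, "untrusted issuer"
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        return None, "bad signature"
    if claims.get("aud") != AUDIENCE:            # assertion was meant for someone else
        return None, "wrong audience"
    if not (claims.get("iat", now + 1) <= now < claims.get("exp", now)):
        return None, "expired or not yet valid"
    return claims.get("sub"), None

if __name__ == "__main__":
    t = issue_assertion("alice@globalco.example", now=1000)
    print(accept_assertion(t, now=1100))
    DIRECTORY.discard("alice@globalco.example")  # the employee leaves GlobalCo
    print(issue_assertion("alice@globalco.example", now=1200))
    print(accept_assertion(t, now=1200), accept_assertion(t, now=1300))
```

Removing the account stops new assertions immediately, but an assertion issued earlier is still accepted until its `exp`, so the assertion lifetime bounds how quickly de-provisioning takes effect.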

Why you should consider implementing federated identity

We have seen first hand how federated identity can be a key selling tool for application vendors trying to sell to large customers who have strict security requirements.

When a potential customer asks whether the vendor's authentication system is secure, a vendor whose IdP supports federation can answer simply: 'we support federated identity, and therefore, provided you're happy with how you authenticate your own employees, they will use the same method to access our application'.

Federated identity is a very simple and very powerful selling feature to support. And as you might expect, the 10Duke Identity Provider supports federated identity. You can also learn more on Wikipedia.

If you are considering identity federation or have any questions, please contact us at 10Duke.

