Identity and access management requirements are rapidly evolving over the years. Organizations cannot survive with authentication and authorization mechanisms that only span a single boundary of trust. Hence, these organizations often provide and consume services across trust boundaries, which may include partners, subsidiaries, customers or suppliers and may span across multiple buildings, cities, states, countries and even continents. Identity federation and Single Sign On (SSO) come into the picture to provide and consume these services across trust boundaries.
Identity federation and SSO have similarities as well as key differences. Identity federation is a mechanism that allows authentication across different enterprises in different trust domains based on a trust factor. This makes access easy, as users do not have to remember a different set of credentials for every application they use. However, the users have to provide their credentials to each one of the applications separately although the credentials used are the same. On the other hand, SSO enables users to provide their credentials once and obtain access to multiple applications. In SSO, the users are not prompted for their credentials when accessing each application until their session is terminated.
The following topics discuss the various features that are key to using Identity Federation and Single-Sign-On (SSO).