What Is An Identity Provider (IdP)?

An IdP enables a user’s identity to facilitate access to all their resources, from email to company file management systems. 

An IdP workflow involves three key steps: 

1. Request: The user is requested to enter some form of identity, such as a username and password or biometric authentication. 
2. Verification: The IdP checks to determine if the user has access, and what they have access to. 
3. Unlocking: The user is given access to the specific resources to which they are authorized. 

A service provider is the entity that provides the service being accessed, whereas an IdP is the entity that creates, stores, and manages identities as well as the ability to authenticate a user.

Both SPs and IdPs are part of federated identity management (FIM), where users are allowed to use the same verification method to access different resources. FIM is achieved through standard protocols like SAML, OAuth, OpenID Connect (OIDC), and SCIM.

The IdP establishes a trusted relationship with an SP by sharing identities and authenticating users across domains. For example, when a user attempts to access any third-party apps (SPs), the request is sent to an IdP like Entrust Identity as a Service (IDaaS). The IdP authenticates the user identity and indicates the SP using a SAML assertion that the user is verified and has permission to access the service.

There are several benefits, including: 

• Stronger authentication: An IdP can provide tools and solutions that ensure secure access across apps, websites, and other digital platforms such as risk-based adaptive multi-factor authentication (MFA). 
• Simplified user management: Another solution most IdPs provide is single sign-on (SSO), which saves users the hassle of creating and maintaining multiple usernames and passwords. 
• Bring Your Own Identity (BYOI): With BYOI, users can access services with identity credentials that they already have (e.g., Google, Outlook, etc.) instead of creating new ones. This further improves the efficiency of onboarding and managing users while still maintaining a high level of security. 
• Better visibility: An IdP will maintain a central audit trail of all access events, thereby making it easier to prove who is accessing what resources and when. 
• Reduces identity management burden: The SP does not need to manage user identities as it becomes the IdP’s responsibility. 

There are two primary types of identity providers: Security Assertion Markup Language (SAML) and Single-Sign On (SSO). 

SAML is an XML based markup language used for authentication via identity federation. SAML is a ubiquitous protocol that is supported by various service provider applications such as Office 365, Salesforce, Webex, ADP, and Zoom. 

SSO is an access management function that enables users to log in with a single set of identity credentials to multiple accounts, software, systems, and resources. For example, when an employee enters their credentials to login to their workstation they are also authenticated to access their apps, resources and cloud-based software. 

Identity providers (IdP) can help solve several administration headaches that businesses face. With an identity service provider, long lists of usernames and passwords are virtually eliminated, administration is simplified and there’s a detailed paper trail of access attempts, should an issue arise. 

Most consumers are familiar with apps that give them the option of logging in by tapping a button that connects that account to the user’s Facebook or Google account. The concept is similar in the business world, with a few added benefits. First, compliance is simplified with an audit trail of all access events. Second, businesses can reduce IT costs by upwards of 20% by reducing helpdesk time for password resets. 

Yes. Entrust Identity as a Service (IDaaS) is a cloud-based identity and access management (IAM) solution that includes multi-factor authentication (MFA), credential-based passwordless access, and single sign-on (SSO). Offering an exhaustive set of IAM capabilities, IDaaS is the right IdP to maximize your protection with its Zero Trust approach to security. 

Identity and access management (IAM) is a framework of security policies and technologies that ensures that the right entities can gain access to the right resources at the right time. 

An entity can be a person or a device. Resources include applications, networks, infrastructure, and data. IAM can apply to workforce, consumer, and citizen use cases. 

IAM is based on the premise of establishing and maintaining trusted digital identities. With IAM, organizations are able to authenticate and authorize entities to grant secure access to the right resources. As well, trust is maintained over time with adaptive risk-based authentication that provides a step-up challenge when conditions warrant.