0

Federated Authentication Definition

KZero Staff
Jul 27, 2023

What is Federated Authentication?

Different organizations and applications commonly have their own user authentication systems. For example, an employee of a company should have a single centrally managed identity that allows them access to the company systems and applications that they need to do their job.

While this works well for systems within the organization, companies sometimes need to share access with third parties. For example, contractors or vendors may need limited access to a company’s data and systems.

Federated authentication systems provide a means of sharing access without giving a user a unique account for each organization whose systems they can access. Federated authentication helps simplify identity and access management (IAM) and reduces the burden of account management for users.

How Does Federated Authentication Work?

Federated authentication relies on trust relationships between organizations’ identity management systems. Each organization will have an identity provider (IdP) that is responsible for storing a user’s identity records, authenticating their identity, and attesting to that identity upon request.

In a federated authentication system, an organization’s systems are configured to trust authentication tokens from other organizations’ IdPs. For example, if a user from company A wants to access an application from company B, then might go through the following process:

  • The user will request access to the application, which is also known as the service provider (SP)
  • The SP will send an authentication request to company A’s IdP.
  • The IdP will authenticate the user’s identity using biometrics, username and password, or similar mechanisms.
  • Company A’s IdP will send an authentication token to the SP attesting to the user’s identity.
  • The SP will use this token to determine if the user should be granted access to the application.

At the end of the day, the user has only provided their password or other authentication information to their company’s IdP. However, since the application trusts that IdP to authenticate its users, it’s able to make a decision whether or not to allow the user access.

Benefits of Federated Authentication

Federated authentication is designed to streamline the process of authenticating users to multiple organizations. Some of the benefits that it provides include:

  • Single Sign-On (SSO): Federated authentication allows SSO to be implemented across organizational boundaries. Once a user has authenticated to their IdP once, it can send authentication tokens to any system that trusts it.
  • Enhanced Security: Creating multiple accounts for a user makes identity management more complex and increases the risk of weak and reused passwords. Federated authentication allows users to maintain a single login account, which reduces the risk of poor security practices.
  • Better User Experience: Maintaining and entering multiple passwords into applications from various organizations can be a headache. Federation and SSO eliminate the need for multiple accounts and repeated logins.
  • Simplified Management: An organization only needs to manage a single set of identities for its employees, with all other identities managed by their host organizations. This eliminates the need to create and delete accounts as third-party partners come and go.

Conclusion

Federated authentication allows users to authenticate across organizational boundaries without maintaining multiple accounts and logins. Applications in one organization are configured to trust authentication tokens from another, eliminating the need for users to enter passwords into other companies’ systems.

KZero Staff

Explore more insightful content from the knowledgeable KZero staff on our blog and guides section.

Glossary Terms

Stay up to date with the most recent #infosec topics

Trending Topics

Share the page: