Identity Federation


Today's global business environment has created a demand for new business models and processes where closer relationships between business partners, suppliers and customers are needed. As the number of trusted parties grows, establishing secure relations for sharing sensitive information becomes a challenge. With PortWise Identity Federation, an organisation can establish trust relationships with these entities and shift user identity management to each user's home domain, for secure and user-friendly information sharing.

PortWise Identity Federation provides an infrastructure that enables identities and their relevant entitlements to be propagated across administrative domains, both within an organisation as well as across organisation boundaries.

Business Values
By enabling PortWise Identity Federation, an organisation may offer its business partners and customers fully secured, role-based access to sensitive information, without having to manage external user identities itself. Management of user identities and roles is then handled by the user's home domain, which enables single sign-on and lowers the costs of identity management. An organisation may benefit from Identity Federation in the following ways:

  • Stronger relationships with customers are developed by offering seamless access to corporate resources. Disruptions in productivity such as when users cannot use services due to account locking, password resets, etc. are significantly reduced.
  • Reduced administration is realised by shifting user identity management to a user's home domain.
  • Enabling Single Sign-On to both internal and external applications reduces costs and improves the end-user experience.
  • Ideal for online business partnership integration and company/departmental mergers.

How does it work?
PortWise Identity Federation is based on open standards, including SAML 2.0 and Microsoft ADFS, to enable integration with existing identity federation infrastructures. When a user (the Subject) requests a resource or application hosted by an external organisation (the Service Provider), the PortWise Access Manager sends a SAML- or ADFS-compliant authentication request to the user's home domain (the Identity Provider). The Identity Provider then authenticates the user (using a domain login or any other form of authentication) and replies with an authentication response, or assertion, to the Service Provider. This assertion, containing information about the user and their entitlements (e.g. organisational role, type of authentication used, etc.), is then used by the Service Provider to log the user on to the target application.
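The Service Provider side of the exchange above only works securely if the assertion is checked before it is trusted. The following added example (not PortWise code) shows those checks on a constructed SAML 2.0 response using only the Python standard library: the response must answer a request this SP actually issued, come from the expected Identity Provider, be inside its validity window and name this SP as its audience; only then are the subject, role attribute and authentication context extracted. The entity IDs, request ID and attribute name are assumptions, and XML signature verification (which needs an XML-DSig library) is assumed to have happened first.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (a real one also carries an XML signature to verify first).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" InResponseTo="_req42"><saml:Assertion>
 <saml:Issuer>https://idp.example.org</saml:Issuer>
 <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AuthnStatement><saml:AuthnContext>
  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</saml:AuthnContextClassRef>
 </saml:AuthnContext></saml:AuthnStatement>
 <saml:AttributeStatement><saml:Attribute Name="role">
  <saml:AttributeValue>partner-finance</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, sp_entity_id, request_id, now):
    """Return (subject, role, authn_class) if the SP-side checks pass, else raise ValueError.
    Assumes the XML signature was already verified with an XML-DSig library (not shown)."""
    resp = ET.fromstring(xml_text)
    if resp.get("InResponseTo") != request_id:  # must answer a request this SP actually sent
        raise ValueError("response does not match an outstanding request")
    a = resp.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("unexpected or missing issuer")
    cond = a.find("saml:Conditions", NS)
    if not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:  # an assertion minted for another SP must be rejected
        raise ValueError("assertion not intended for this service provider")
    subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    authn = a.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
    roles = [v.text for v in a.findall("saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS)]
    return subject, roles[0] if roles else None, authn

def accepted(xml_text, issuer, sp, request_id, now):
    try:
        validate_assertion(xml_text, issuer, sp, request_id, now)
        return True
    except ValueError:
        return False
```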

PortWise Access Manager can be configured as a Service Provider and/or Identity Provider, and can use both SAML and ADFS simultaneously. When PortWise Access Manager is acting as an Identity Provider, all PortWise authentication mechanisms may be utilised to create SAML assertions. PortWise Access Manager is unique in the way it integrates strong user authentication (client certificates, one-time passwords, OATH, etc.) with SAML-based Identity Federation.