- Links electronic identities and attributes across multiple identity management systems
- Enables users to use the same credentials for login across systems managed by different organizations
- Based on trust relationships between systems
- Federation extends beyond an organization’s boundaries, to identities managed by:
  - Partners
  - Suppliers
  - Customers
- Simplifies user access to various services
- Security rests on the trust relationships between the participating systems: a service provider accepts only assertions issued by the identity providers it has been configured to trust
Federation Process
- Login Initiation
  - The user accesses a service or application and chooses to log in
- Redirection to Identity Provider
  - The Service Provider (SP) redirects the user to their Identity Provider (IdP) for authentication
- Authentication of the user
  - The IdP validates the user’s identity by checking the presented credentials against its own credential store
- Generation of Assertion
  - The IdP creates an assertion (token) containing the user’s identity and authentication status, in a standardized format such as a SAML assertion or an OIDC ID token
- Return to Service Provider
  - The user is redirected back to the original service or application carrying the assertion from the IdP
- Verification and Access
  - The SP verifies the assertion (signature, issuer, intended audience and validity period) and grants access based on the information it contains
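The six steps above as one runnable exchange with both the SP and the IdP side, written for this page as an added example and not taken from any product or standard. It assumes a hypothetical IdP entity id https://idp.example.org, a hypothetical SP entity id https://app.example.com, a constructed user alice, and a pre-shared HMAC-SHA256 key standing in for the signing keys a real SAML or OIDC deployment exchanges in metadata; the assertion format (base64url JSON payload plus HMAC tag) is likewise an illustrative stand-in, not SAML XML or a JWT:

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

IDP_ISSUER = "https://idp.example.org"    # assumed IdP entity id (constructed)
SP_AUDIENCE = "https://app.example.com"   # assumed SP entity id (constructed)
SHARED_KEY = b"constructed-key-exchanged-out-of-band"  # the trust relationship
CONSTRUCTED_USERS = {"alice": "correct horse battery staple"}  # constructed user


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """IdP side: validates credentials and issues signed assertions (steps 3 and 4)."""

    def __init__(self, issuer, signing_key, users):
        self.issuer = issuer
        self.signing_key = signing_key
        # Simplified credential store; a real IdP would use a slow password hash.
        self.users = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}
        self._unknown = hashlib.sha256(secrets.token_bytes(32)).digest()

    def authenticate(self, username, password):
        candidate = hashlib.sha256(password.encode()).digest()
        stored = self.users.get(username, self._unknown)  # dummy digest keeps timing uniform
        return hmac.compare_digest(stored, candidate) and username in self.users

    def issue_assertion(self, username, audience, request_id, now=None, ttl=300):
        now = int(now if now is not None else time.time())
        claims = {
            "iss": self.issuer,            # who vouches for this identity
            "sub": username,               # the authenticated user
            "aud": audience,               # the SP this assertion is meant for
            "exp": now + ttl,              # short lifetime narrows the replay window
            "in_response_to": request_id,  # ties the assertion to the SP's own request
        }
        payload = b64url(json.dumps(claims, sort_keys=True).encode())
        sig = b64url(hmac.new(self.signing_key, payload.encode(), hashlib.sha256).digest())
        return f"{payload}.{sig}"


class ServiceProvider:
    """SP side: starts the login and verifies the returned assertion (steps 1, 2 and 6)."""

    def __init__(self, audience, trusted_issuer, signing_key):
        self.audience = audience
        self.trusted_issuer = trusted_issuer
        self.signing_key = signing_key  # obtained from the IdP when the trust was set up
        self.pending = set()            # request ids still awaiting an assertion

    def start_login(self):
        request_id = secrets.token_urlsafe(16)
        self.pending.add(request_id)
        # Step 2: the user's browser is sent to the IdP carrying the request id.
        return request_id, f"{self.trusted_issuer}/sso?request_id={request_id}"

    def consume_assertion(self, assertion, now=None):
        """Return (subject, "ok") on success or (None, reason) when rejected."""
        now = int(now if now is not None else time.time())
        payload, sep, sig = assertion.rpartition(".")
        if not sep:
            return None, "malformed"
        expected = b64url(hmac.new(self.signing_key, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None, "bad signature"       # verify before trusting any claim
        claims = json.loads(b64url_decode(payload))
        if claims.get("iss") != self.trusted_issuer:
            return None, "untrusted issuer"
        if claims.get("aud") != self.audience:
            return None, "wrong audience"      # minted for a different SP
        if now >= claims.get("exp", 0):
            return None, "expired"
        request_id = claims.get("in_response_to")
        if request_id not in self.pending:
            return None, "unsolicited or replayed"
        self.pending.discard(request_id)       # one-time use: a replay fails the check above
        return claims["sub"], "ok"


def build_parties():
    idp = IdentityProvider(IDP_ISSUER, SHARED_KEY, CONSTRUCTED_USERS)
    sp = ServiceProvider(SP_AUDIENCE, IDP_ISSUER, SHARED_KEY)
    return sp, idp


def federated_login(sp, idp, username, password, now=None):
    """Run the whole flow for one user and return what the SP decides."""
    request_id, _redirect = sp.start_login()                    # steps 1-2
    if not idp.authenticate(username, password):                # step 3
        return None, "authentication failed"
    assertion = idp.issue_assertion(username, sp.audience, request_id, now=now)  # step 4
    return sp.consume_assertion(assertion, now=now)             # steps 5-6
```

Calling `sp, idp = build_parties()` and then `federated_login(sp, idp, "alice", "correct horse battery staple")` returns `("alice", "ok")`; a wrong password never produces an assertion at all. The order of checks in `consume_assertion` is the part worth copying: the signature is verified before any claim is read, and issuer, audience, expiry and the one-time `in_response_to` binding are each checked separately, so a captured assertion cannot be replayed, presented to a different SP, or accepted from an IdP the SP does not trust.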