In many cases, organizations wish to share identity information with other organizations. For example, many websites rely on credentials provided by major technology companies for their authentication, allowing users the convenience of logging in “with Google” or connecting with “your Facebook account.” This approach, where one organization depends on the identity information provided by another organization, is known as federation. In a federated identity system, the organization that provides the accounts is known as the identity provider, while the organization that depends on those identities is known as the service provider.
There are several major approaches to federated identity, using different technologies:
Federation is a powerful concept that facilitates the interoperability of access control systems, the use of single sign-on, and cooperation between different organizations.
Today, many organizations also choose to adopt third-party identity and access control services that outsource some or all of the access control implementation to cloud service providers. This approach reduces the organization's need to hire identity management specialists and transfers responsibility for maintaining complex technical infrastructures to specialist providers. These providers are known as Identity as a Service (IDaaS) providers.