Visit us at it-sa 2024!

GetyourfreeticketGetyourfreeticket

Security lock

What is an Identity Provider (IDP)?

Identity providers (IDPs) are central access systems for service providers. Users make use of IDPs to verify their identity via password and/or other factors in order to log in to local devices or Internet accounts. By outsourcing user authentication to external providers, online services and applications can benefit from single sign-on (SSO). This involves a central login to the IDP to globally activate all linked applications and services for the respective users.

Myra Services on this topic: Automated management of SSL/TLS certificates powered by Myra Certificate Management
How IDP and SSO work in practice

01

Identity Provider (IDP): Definition

In most cases, IDPs are used today to provide users with the simplest possible, yet still secure, access to a wide range of services on the Internet. IDP systems act as a central authentication point, where login is achieved by entering one or more factors such as user names, passwords, biometric data (fingerprint, iris scan) or one-time codes. If two or more factors are required for login, it is referred to as 2-factor authentication (2FA) or multi-factor authentication (MFA) respectively. After successful login, users are granted access to the service(s) which are connected via the respective IDP. In conjunction with SSO, one login to the IDP is sufficient for centralized authentication for multiple services or systems. The credentials are transferred between the IDP and the individual services and systems using security protocols such as SAML (Security Assertion Markup Language), OpenID or OAuth (Open Authorization).

Code on a screen

02

What are the advantages of IDPs?

Outsourcing the authentication process to specialized providers offers several advantages. Since digital identities and the authentication factors associated with them contain highly sensitive data, the management of this information requires the utmost care as well as technical and procedural expertise in terms of IT security and data protection. Not all service providers are able to comprehensively provide these capabilities. The solution here is provided by specialized IDPs that manage all identities and credentials securely with appropriate redundancy.

How does Single Sign-On (SSO) with IDPs work?

IDPs are often used for SSO. Primarily, SSO provides advantages in terms of convenience and security for users. Instead of being confronted with a multitude of different credentials in everyday digital life, the widespread use of SSO dramatically reduces the number of login details required. These limited login details can be better secured with strong passwords and multi-level login procedures. If, on the other hand, users have to manage many different logins themselves, many tend to repeatedly use the same passwords and/or simple passwords – both of which have a negative impact on IT security.

On the technical side, there are also security advantages to using SSO. With SSOs, the authentication factors are only transmitted once. This reduces the attack surface for cyberattacks or phishing attempts aimed at capturing the login data.

What are the solutions for SSO?

Portal

The portal solution allows users to log in centrally to access the various applications and services available via that portal. For example, logging in to an Internet service to use e-mail, calendar, cloud storage and other products. In portal solutions, successful authentication with one service is transferred between all available services via cookies, for example.

Ticketing

Ticketing systems such as Kerberos rely on a trusted authority (Ticket Granting Ticket) for central ticket allocation. Once users have successfully logged in to this authority, further login tickets can be automatically created and sent for each associated service without the need for re-authentication.

Local

Local SSO solutions are mostly used on clients that are accessed regularly in the workplace. Here, the logins for applications and services are centrally and cryptographically protected and stored on the client or a connected network. After successful login on the SSO client, the credentials are activated. SSO clients are integrated in web browsers, for example, as password managers.

QR code scanner with cell phone

03

What are the disadvantages of using an IDP?

As soon as there are problems with the accessibility of the IDP or the provider itself has to deal with technical problems, the applications and systems behind the authentication are no longer accessible. In SSO scenarios in particular, there is a risk that users will be cut off from a large number of services at one time.

Locked cell phone screen

04

IDP: What you need to know

The abbreviation IDP stands for Identity Provider. An IDP is an authentication service for digital identities. Solution providers use IDPs to outsource and optimize the login process for their services. Users log in to IDPs using one or more factors and are then granted access to the stored accounts and the services linked to them. The transfer of credentials between the deployed IDP and the individual services and systems takes place via security protocols such as SAML (Security Assertion Markup Language), OpenID or OAuth (Open Authorization). Furthermore, IDPs offer the possibility of providing access to a range of services or even entire platforms centrally via SSO. This offers advantages in terms of user convenience and security, since users have to manage fewer credentials and these can be defined more securely. Common methods for implementing SSO solutions are portal systems, ticketing solutions, or local solutions.