What is Federated Identity Management?

Federated Identity Management, or FIM (I say it as "fim"), refers to an arrangement between organisations that lets users access resources belonging to any of them. Companies partnering on projects set up a trust relationship so that their employees can reach information and resources across the partnership using a single login.

Now if you’re thinking that this is just another name for SSO (Single Sign-On), you wouldn’t be the first. People often conflate the two; however, there’s a fundamental difference between FIM and SSO: SSO gives users access to multiple apps within a single domain, while FIM provides access across numerous domains. In this case, a domain is a company or a business unit.

So how does this all work?

For this system to function, there needs to be mutual trust between all involved, and for this trust to be upheld, each company still manages its own user identities and decides who has access to which of its resources. What the federation adds is a platform that every member trusts to authenticate users and vouch for their identities. This platform is what is known as an Identity Provider (IdP), or an Identity Broker when it is a third party sitting between the members.

An identity provider manages user identities and authenticates users on behalf of every domain in the FIM structure. Members of the FIM structure trust the IdP’s statement about who the user is, so the user authenticates once, at the IdP, and is then granted access to each service in the federation without logging in again.

An example of a trusted IdP is Google. Most of us are familiar with the phrase ‘Login using Google’ which allows us to access multiple resources on the internet using our Google credentials. In this case, Google is acting as an IdP for these services and saving the user the hassle of creating yet another set of credentials. We have enough forgotten usernames and passwords.

Now that we know what an IdP is, say three organisations, A, B and C, form a FIM structure with a shared identity provider. The IdP acts as the home domain: it stores and manages the users’ credentials. When a user attempts to log in to A, B or C, they don’t need credentials for those domains, because the IdP authenticates them. A, B and C trust the IdP to validate the user’s credentials before granting access.

The FIM structure here works because A, B and C (the service providers) never see the user’s password at all. After authenticating the user, the IdP sends the service provider a signed statement about the user, typically a Security Assertion Markup Language (SAML) assertion. Before granting access, the service provider checks that the assertion was signed by an IdP it trusts, that it was issued for that particular service (the audience) and that it is still within its validity window.

Fig. 1.1 A user requests access to resources from domains (A, B, C). The domains trust the IdP to authenticate the user before granting access.
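As an added example (not code from the original article), here is a minimal model of the exchange just described: one IdP authenticates the user and issues an assertion, and two service providers, A and B, each decide whether to honour it. The entity IDs, user names and key handling are hypothetical. Real SAML signs the assertion with XML Signature using the IdP’s X.509 certificate; to keep this runnable with the standard library alone, the signature is replaced here by an HMAC over the assertion bytes, which is an assumption of this example and not how SAML itself works. The trust checks the service provider performs (trusted issuer, intact signature, validity window, correct audience) are the same ones a real SAML service provider must perform.

```python
"""Constructed model of a SAML-style federation: IdP issues, SPs validate."""
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)


def _tag(name):
    return f"{{{SAML_NS}}}{name}"


class IdentityProvider:
    """Home domain: authenticates users and issues assertions about them."""

    def __init__(self, entity_id, signing_key):
        self.entity_id = entity_id
        # Assumption: a symmetric key shared with the SPs stands in for the
        # IdP's X.509 signing certificate used by real SAML (XML-DSig).
        self._key = signing_key

    def issue_assertion(self, subject, audience, now=None, lifetime_s=300):
        """Return (assertion_xml_bytes, base64_signature) for one audience."""
        now = now or datetime.now(timezone.utc)
        root = ET.Element(_tag("Assertion"), {
            "Version": "2.0",
            "ID": "_" + secrets.token_hex(16),
            "IssueInstant": now.isoformat(),
        })
        ET.SubElement(root, _tag("Issuer")).text = self.entity_id
        subj = ET.SubElement(root, _tag("Subject"))
        ET.SubElement(subj, _tag("NameID")).text = subject
        cond = ET.SubElement(root, _tag("Conditions"), {
            "NotBefore": now.isoformat(),
            "NotOnOrAfter": (now + timedelta(seconds=lifetime_s)).isoformat(),
        })
        restriction = ET.SubElement(cond, _tag("AudienceRestriction"))
        ET.SubElement(restriction, _tag("Audience")).text = audience
        xml_bytes = ET.tostring(root, encoding="utf-8")
        sig = hmac.new(self._key, xml_bytes, hashlib.sha256).digest()
        return xml_bytes, base64.b64encode(sig).decode()


class ServiceProvider:
    """Domain A, B or C: grants access only on a valid assertion."""

    def __init__(self, entity_id, trusted_idps):
        self.entity_id = entity_id
        self._trusted = trusted_idps  # issuer entity ID -> verification key

    def validate(self, xml_bytes, signature_b64, now=None):
        """Return (ok, detail): detail is the subject on success, else the reason."""
        now = now or datetime.now(timezone.utc)
        try:
            root = ET.fromstring(xml_bytes)
        except ET.ParseError:
            return False, "malformed assertion"
        # The Issuer field only selects which key to try; nothing in the
        # assertion is trusted until the signature over the raw bytes verifies.
        key = self._trusted.get(root.findtext(_tag("Issuer")))
        if key is None:
            return False, "untrusted issuer"
        expected = hmac.new(key, xml_bytes, hashlib.sha256).digest()
        try:
            presented = base64.b64decode(signature_b64, validate=True)
        except ValueError:
            return False, "bad signature"
        if not hmac.compare_digest(expected, presented):
            return False, "bad signature"
        cond = root.find(_tag("Conditions"))
        try:
            not_before = datetime.fromisoformat(cond.get("NotBefore"))
            not_on_or_after = datetime.fromisoformat(cond.get("NotOnOrAfter"))
        except (AttributeError, TypeError, ValueError):
            return False, "missing or bad validity window"
        if not (not_before <= now < not_on_or_after):
            return False, "assertion expired or not yet valid"
        # An assertion minted for A must not be accepted by B (replay across domains).
        audiences = {a.text for a in root.iter(_tag("Audience"))}
        if self.entity_id not in audiences:
            return False, "wrong audience"
        return True, root.findtext(f"{_tag('Subject')}/{_tag('NameID')}")


def demo():
    """One login at the IdP, then five access attempts with different outcomes."""
    key = secrets.token_bytes(32)
    idp = IdentityProvider("https://idp.example/metadata", key)
    trusted = {idp.entity_id: key}
    sp_a = ServiceProvider("https://a.example/saml", trusted)
    sp_b = ServiceProvider("https://b.example/saml", trusted)
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

    xml_a, sig_a = idp.issue_assertion("alice@idp.example", sp_a.entity_id, now=now)
    results = {"a_accepts": sp_a.validate(xml_a, sig_a, now=now)}
    results["b_rejects_replay"] = sp_b.validate(xml_a, sig_a, now=now)
    tampered = xml_a.replace(b"alice@idp.example", b"admin@idp.example")
    results["a_rejects_tamper"] = sp_a.validate(tampered, sig_a, now=now)
    results["a_rejects_expired"] = sp_a.validate(xml_a, sig_a, now=now + timedelta(minutes=10))
    rogue = IdentityProvider("https://evil.example/metadata", secrets.token_bytes(32))
    xml_r, sig_r = rogue.issue_assertion("alice@idp.example", sp_a.entity_id, now=now)
    results["a_rejects_rogue_idp"] = sp_a.validate(xml_r, sig_r, now=now)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note the order of checks in `validate`: the signature is verified over the bytes exactly as received, before any field other than the issuer lookup is used, and the audience check is what stops an assertion issued for domain A from being replayed at domain B even though both trust the same IdP.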

Why use a Federated Identity Management structure?

When multiple organisations collaborate on a project, FIM makes access to, and the flow of, information easy and convenient because it removes the bureaucracy usually involved whenever users need resources from domains other than their own. FIM does not weaken administrative control across the domains, because each domain still manages access to its own resources: the IdP establishes who the user is, and the domain decides what that user may do.

Each organisation is able to remain compliant and their data is protected despite the users’ ease of access.

FIM helps reduce workload and increase productivity: the time and effort spent managing a separate account and login for each domain is saved because users sign in once.

However, there are drawbacks…

The players involved in a FIM arrangement already have working systems in place, therefore implementing a FIM structure that takes care of every organisation’s needs is an expensive venture. Existing systems would have to be modified which would cost time and money.

Due to the fact that each organisation operates differently, it takes a lot of time for the parties to come to an agreement and develop policies that cater to each organisation’s security needs.

Organisations are free to join as many federations as they want; however, each federation has its own set of rules which only make the process more complicated and time-consuming since they have to adhere to each federation’s stipulations.

It’s always intimidating when new technology emerges because it either poses a threat to the existing way of doing things or it shines a light on just how much we don’t know. Either way, being afraid of it will not stop or slow down innovation. Our best bet is to embrace it and learn as much as we can to improve our businesses and ultimately, our lives.

Federated identity management refers to the establishment of a trusted relationship between separate organisations and third parties, such as application vendors or partners, allowing them to share identities and authenticate users across domains.
