What is identity federation?
D1 · General · CompTIA Security+ SY0-701
Identity federation is a system that lets a user authenticate once with their home organization (the Identity Provider, IdP) and then use the IdP's signed assertion of that authentication to access resources in another organization (the Service Provider, SP), without needing a separate account or password in the SP's system. The SP never handles the user's credentials; it only receives the IdP's statement that the user authenticated.
Example: Logging into a partner company's portal using your own company's Active Directory credentials.
Standards: SAML (XML-based, enterprise), OAuth 2.0/OIDC (API- and web-app-friendly; OAuth handles authorization, OIDC adds the identity layer on top of it), WS-Federation (Microsoft/enterprise).
Trust is established between IdP and SP via metadata exchange (entity IDs, endpoints, and signing certificates) and certificate trust: the SP validates each assertion's signature against the IdP's published certificate, so a rotated IdP certificate must be re-imported on the SP side or logins fail.
Federation extends SSO across organizational boundaries. Trust is the key concept: the SP relies on the IdP's signed authentication assertions instead of checking the user's password itself, so before granting access the SP must verify the assertion's signature against the IdP's published certificate and check that the issuer is a trusted IdP, that the audience is this SP, and that the assertion is within its validity window and has not been replayed. Identity federation is how "Login with Google/Microsoft/GitHub" works (via OAuth/OIDC). ADFS (Active Directory Federation Services) is Microsoft's on-premises federation solution.
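The trust relationship described above, as an added example that is not part of the original flashcard: a Go model of one federated login in which the IdP publishes its signing key, the SP imports it (the metadata exchange), and the SP accepts an assertion only after the issuer, signature, audience, validity-window and replay checks all pass. The assertion is a simplified JSON structure standing in for a real SAML assertion (which is XML signed with XML-DSig), and all entity IDs and user names are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// Assertion is a simplified JSON stand-in for a SAML <Assertion> (real SAML is XML signed with XML-DSig).
type Assertion struct {
	ID           string    `json:"id"`       // unique per assertion, used for replay detection
	Issuer       string    `json:"issuer"`   // IdP entity ID
	Subject      string    `json:"subject"`  // federated user identifier
	Audience     string    `json:"audience"` // entity ID of the SP this assertion is meant for
	NotBefore    time.Time `json:"not_before"`
	NotOnOrAfter time.Time `json:"not_on_or_after"`
}
type SignedAssertion struct{ Payload, Signature []byte } // assertion bytes plus the IdP's signature over them

// IdP holds the private signing key; only the public half ever leaves it (via metadata).
type IdP struct {
	EntityID string
	key      *rsa.PrivateKey
}

func NewIdP(entityID string) (*IdP, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &IdP{EntityID: entityID, key: key}, nil
}

// SigningKey models the public key an SP takes from the certificate in the IdP's published metadata.
func (i *IdP) SigningKey() *rsa.PublicKey { return &i.key.PublicKey }

// Issue emits a signed assertion for an already-authenticated user, scoped to one SP and a short validity window.
func (i *IdP) Issue(subject, audience string, now time.Time) (SignedAssertion, error) {
	var idBytes [16]byte
	if _, err := rand.Read(idBytes[:]); err != nil {
		return SignedAssertion{}, err
	}
	a := Assertion{ID: "_" + hex.EncodeToString(idBytes[:]), Issuer: i.EntityID, Subject: subject,
		Audience: audience, NotBefore: now.Add(-time.Minute), NotOnOrAfter: now.Add(5 * time.Minute)}
	payload, err := json.Marshal(a)
	if err != nil {
		return SignedAssertion{}, err
	}
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPSS(rand.Reader, i.key, crypto.SHA256, digest[:], nil)
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload, Signature: sig}, nil
}

// TrustStore is the result of metadata exchange on the SP side: IdP entity ID -> IdP signing key.
type TrustStore map[string]*rsa.PublicKey

// SP accepts assertions only from IdPs whose metadata it has imported.
type SP struct {
	EntityID    string
	trustedIdPs TrustStore
	seenIDs     map[string]bool // assertion IDs already consumed
}

func NewSP(entityID string, trusted TrustStore) *SP {
	return &SP{EntityID: entityID, trustedIdPs: trusted, seenIDs: map[string]bool{}}
}

// Validate performs the SP-side trust checks and returns the federated subject on success.
func (s *SP) Validate(sa SignedAssertion, now time.Time) (string, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return "", err
	}
	// The issuer claim is unauthenticated until the signature verifies; it only selects which trusted key to try.
	key, ok := s.trustedIdPs[a.Issuer]
	if !ok {
		return "", errors.New("untrusted issuer")
	}
	digest := sha256.Sum256(sa.Payload)
	if err := rsa.VerifyPSS(key, crypto.SHA256, digest[:], sa.Signature, nil); err != nil {
		return "", errors.New("signature does not verify against the IdP's published key")
	}
	if a.Audience != s.EntityID {
		return "", errors.New("assertion was issued for a different SP")
	}
	if now.Before(a.NotBefore) || !now.Before(a.NotOnOrAfter) {
		return "", errors.New("assertion outside its validity window")
	}
	if s.seenIDs[a.ID] {
		return "", errors.New("assertion replayed")
	}
	s.seenIDs[a.ID] = true
	return a.Subject, nil
}
```

The order of checks in `Validate` is deliberate: the issuer name in the assertion is attacker-controlled input, so it is used only to pick a candidate key, and nothing in the payload is trusted until the signature verifies against a key that came from imported metadata. The audience check is what stops an assertion legitimately issued for one partner SP from being presented to another, and the validity window plus the consumed-ID set bound how long a captured assertion stays useful.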