Federated Identity
What is Federated Identity?
Federated Identity: An arrangement in which separate organizations or domains trust a common identity provider so users can use one identity across all of them.
Federated identity links a user's identity across multiple independent security domains by establishing trust between an identity provider (IdP) and one or more service providers (SPs). When the user authenticates at the IdP, the SP receives a signed assertion (SAML) or token (OIDC) and grants access without managing its own credentials. Common patterns include enterprise-to-SaaS federation, business-to-business federation between partners, and consumer logins via "Sign in with Google/Apple/Microsoft". Federation reduces credential sprawl, simplifies offboarding and enables centralized MFA, but it concentrates trust in the IdP and demands careful management of metadata, signing keys and attribute mappings.
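The SP-side trust decision described above, as an added example that is not part of the original page: a token is checked against a pinned per-IdP entry (issuer, algorithm, key, audience, expiry) and IdP groups are mapped to local roles. The issuer URL, audience, group names and key are constructed assumptions, and HS256 is used only to keep the sketch within the standard library; federations normally verify asymmetric signatures with keys published in IdP metadata.

```python
import base64, hashlib, hmac, json, time

# Constructed trust entry for one IdP (every value here is an illustrative assumption).
TRUSTED_IDPS = {
    "https://idp.example.com": {
        "audience": "analytics-sp",
        "alg": "HS256",  # pinned by the SP, never taken from the token header
        "key": b"constructed-demo-secret",
        "role_map": {"grp-analysts": "viewer", "grp-admins": "admin"},
    }
}

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def issue_token(claims, key, alg="HS256"):
    """Stand-in for the IdP, used only to build constructed sample tokens."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def accept_token(token, now=None):
    """Return (subject, local_roles) for a trusted token, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
        sig = _b64d(sig_b64)
        alg, idp = header["alg"], TRUSTED_IDPS.get(claims["iss"])
    except Exception:
        raise ValueError("malformed token")
    if idp is None:
        raise ValueError("issuer not federated")
    if alg != idp["alg"]:
        raise ValueError("unexpected algorithm")
    expected = hmac.new(idp["key"], f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if idp["audience"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    # Attribute mapping: only known IdP groups become local roles; unknown groups grant nothing.
    roles = sorted({idp["role_map"][g] for g in claims.get("groups", []) if g in idp["role_map"]})
    return claims["sub"], roles
```

Each rejection corresponds to one piece of federation state the SP has to maintain: the issuer list, the pinned algorithm and key, the audience, and the group-to-role mapping.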
● Examples
- 01: An employee using their corporate IdP to access a SaaS analytics tool via SAML.
- 02: A consumer signing in to a third-party site with "Sign in with Google" via OpenID Connect.
● Frequently asked questions
What is Federated Identity?
An arrangement in which separate organizations or domains trust a common identity provider so users can use one identity across all of them. It belongs to the Identity & Access category of cybersecurity.
How do you defend a Federated Identity deployment?
Defences for Federated Identity typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Federated Identity?
Common alternative names include: Identity federation, Federation.