Identity and identity providers

In Enterprise Application Access (EAA) authentication, an identity is a set of attributes which describe a user. These digital identities are stored in a directory. For directory types see Directories. For more information about attributes see User attributes.

Identity providers (IdP) offer user authentication as a service. They create, maintain, and manage identity information for principals (typically a user) in a cloud. Some IdPs can act as the directory and others can delegate authentication back to the Active Directory (AD) or LDAP. IdPs provide authentication to applications within a federated or distributed network.

You can have the account administrator configure a user as an identity provider administrator to perform identity provider configurations or have a custom administrator to manage the administration tasks for multiple resources using role-based access control in the Control Center.

IdPs use SAML, a federated identity protocol that enables web browser single sign-on (SSO), to securely exchange identity information between two autonomous entities.

The primary use case for IdPs is SSO authentication. Additional security such as two factor authentication (2FA) and multi-factor authentication (MFA) can be layered on top of the SSO authentication. See Single sign-on (SSO) authentication and Multi-factor authentication.

Next, see SAML and Add a new identity provider.