Identity Federation

A set of identity providers (IdPs) and service providers (SPs) that agree to a minimum set of rules to exchange authentication and authorization information in a trusted manner, allowing users to sign in to multiple services using a single identity without having to remember multiple passwords.

What is identity federation?

Identity federation is a way to sign in to a site using the credentials of another organization or company. This way, you only need to remember one set of login information instead of multiple usernames and passwords: a single credential gives access to all of your online accounts. The most common identity providers are social media sites like Facebook and Google. There are also enterprise-level identity providers designed for use in business environments.

How does identity federation work?

Identity federation relies on an identity provider. An identity provider is a website or service that stores your credentials and lets you use them to sign in to other websites or services. When you click the “Sign in with…” button on a website, you are typically redirected to the identity provider’s login page. Once you have entered your credentials on the identity provider’s login page, you are redirected back to the original site or system without having to sign in again.
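The redirect back to the original site carries a signed statement from the identity provider rather than the user's password. The sketch below is an added example, not code from this page or from any product: it shows the checks a service provider would apply to that statement (trusted issuer, valid signature, intended audience, not expired). The entity names, the key and the token layout are constructed, and a shared HMAC key stands in for the public-key signatures used by real federation protocols.

```python
import base64, hashlib, hmac, json

# Constructed federation metadata: IdPs this SP agreed to trust, with their keys.
TRUSTED_IDPS = {"https://idp.example.org": b"constructed-demo-key"}
SP_ENTITY = "https://sp.example.net"  # hypothetical identifier of this SP

def _sign(key, body):
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_assertion(issuer, key, subject, audience, now, ttl=300):
    """IdP side, run after the user has logged in on the IdP's own page."""
    claims = {"iss": issuer, "sub": subject, "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(key, body)

def sp_accept(assertion, now):
    """SP side: return the authenticated subject or raise ValueError."""
    try:
        body, sig = assertion.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
        issuer, expiry = claims["iss"], float(claims["exp"])
        key = TRUSTED_IDPS.get(issuer)
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed") from None
    if key is None:
        raise ValueError("untrusted issuer")       # IdP is outside the federation
    if not hmac.compare_digest(_sign(key, body).encode(), sig.encode()):
        raise ValueError("bad signature")          # altered or forged in transit
    if claims.get("aud") != SP_ENTITY:
        raise ValueError("wrong audience")         # issued for a different SP
    if expiry <= now:
        raise ValueError("expired")                # stale assertion replayed
    return claims["sub"]

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    idp = "https://idp.example.org"
    token = issue_assertion(idp, TRUSTED_IDPS[idp], "alice", SP_ENTITY, t0)
    print(sp_accept(token, t0 + 10))
```

The service provider never handles the password; it only decides whether to believe the identity provider's statement.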

Identity Federation vs. Single Sign-On (SSO)

It is important to note that identity federation is different from single sign-on (SSO). With single sign-on, you sign in to one account and have access to all other accounts linked to the same entity. This is different from identity federation, where you can use your credentials from one entity to sign in to another entity. Identity federation is a decentralized approach to authentication that allows users to access multiple online services with a single set of credentials.


Examples of Identity Federation

A common use case for identity federation is an organization that wants to provide its customers with quick access to its online services. In this case, the organization sets up an identity provider (IdP) and configures it to authenticate users using their existing account with a third-party service, such as Renater, Facebook, or Google. Once authenticated, the user can access the organization’s services without creating a new account or remembering multiple credentials.

Another common example of identity federation is an organization that wants to securely share data with another organization. For example, a research center may want to give its collaborators and doctoral students access to the research records of another research center or university that uses a different information system and therefore a different identity provider (IdP). In this case, the research center would set up an IdP and configure it so that its collaborators and doctoral students can use their existing credentials to log in to the services of the other research centers and universities. This would allow the research center to control which collaborators and doctoral students have access to the research records and prevent unauthorized users from accessing them.

Pros

Enhances security

When you use federated login, your credentials are stored only on the identity provider's servers. This means that if one of the websites or services you use is compromised, your credentials are not exposed.

Ease of Access

With federated login, you only need to remember your credentials for one account. This can be much easier than keeping track of multiple credentials for different sites and services.

Cost Savings

Implementing a federated login system can be less expensive than setting up and maintaining a single sign-on solution. You don’t need to build and deploy a custom SSO solution.

Cons

Increases Dependency

When you use federated login, you rely on the identity provider to keep your credentials secure. If the identity provider experiences an outage or security breach, you may not be able to sign in to the websites and services you use.

Limited control

You also give up some control over your account with federated login. For example, if you want to change your password on one of the websites or services you use, you’ll have to do it through the identity provider.

Reduced flexibility

Federated login systems can also be less flexible than single sign-on solutions because they typically only work with a few specific account types. So if you want to use federated login with a new website or service, it may not be compatible with your existing system.

Our Services

Discover all of our associated services:

Audit and analysis of identity and access management

Allows you to take a step back from your current identity and access management process and identify areas for improvement.

Implementation of an identity federation

Notably raises the level of security, with greater day-to-day simplicity for users and administrators.

Training courses

Follow our IAM training courses to acquire best practices for administering identity and access management services.