Identity services for organizations transparently hosted in the cloud
Abstract
Embodiments of the invention are disclosed for establishing single identity/single-sign on (SSO) on a cloud computing platform. In an embodiment, a user is validated to the cloud computing platform, and identifies a domain. After establishing that the user has control of the domain, the cloud computing platform configures a directory service for the domain. The user may then use the directory service on the cloud computing platform to log in to his or her computer, as well as software services hosted on the cloud computing platform.
20 Claims
1. A method for establishing single identity on a cloud computing platform, comprising:
- validating a user credential associated with a first user on a first computer;
- receiving, from the first computer, information indicative of a domain comprising a plurality of computing devices communicating over a network for which single identity is to be established;
- determining that the first user has control of the domain, in response to a determination that the domain is a public domain;
- in response to validating the user credential and determining that the first user has control of the domain, storing the information indicative of the domain in a service on the cloud computing platform for authorizing sign-ons from a plurality of users of the domain including the first user, the service comprising a database used to authenticate the plurality of users within the domain;
- determining to permit a log in by the first user to a second computer hosted on the cloud platform in response to determining that the service authorizes the user credential associated with the log in; and
- authorizing the first user to access a software service provided on at least one computing device within the domain hosted on the cloud computing platform in response to determining that the service authorized the user credential associated with the log in.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for establishing single identity on a cloud computing platform, comprising:
- a module configured to validate a user credential associated with a first user on a first computer;
- a module configured to receive, from the first computer, information indicative of a domain for which single identity is to be established, the domain comprising a plurality of computing devices communicating over a network;
- a module configured to determine that the domain is a public domain;
- a module configured to, in response to determining that the domain is a public domain, determine that the first user has control of the domain;
- a module configured to, in response to validating the user credential and determining that the first user has control of the domain, store the information indicative of the domain in a service on the cloud computing platform for authorizing sign-ons from a plurality of users of the domain including the first user, the service comprising a database used to authenticate the plurality of users within the domain;
- a module configured to determine to permit a log in by the first user to a second computer on the cloud computing platform in response to determining that the service authorizes the user credential associated with the log in; and
- a module configured to authorize the first user to access a software service provided on at least one computing device within the domain hosted on the cloud computing platform in response to determining that the directory service authorized the user credential associated with the log in.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A computer-readable storage device for establishing single identity on a cloud computing platform, bearing computer-executable instructions that when executed on a computer, cause the computer to perform operations comprising:
- validating a user credential associated with a first user on a first computer;
- receiving, from the first computer, information indicative of a domain comprising a plurality of computing devices communicating over a network for which single identity is to be established;
- determining that the first user has control of the domain in response to a determination that the domain is a public domain;
- in response to validating the user credential and determining that the first user has control of the domain, storing the information indicative of the domain in a service on the cloud computing platform for authorizing sign-ons from a plurality of users of the domain including the first user, the service comprising a database used to authenticate the plurality of users within the domain;
- determining to permit a log in by the first user to a second computer on the cloud platform in response to determining that the service authorizes the user credential associated with the log in; and
- authorizing the first user to access a software service provided on at least one computing device within the domain hosted on the cloud computing platform in response to determining that the service authorized the user credential associated with the log in.

Dependent claims: 17, 18, 19, 20
Specification