Multi-factor authentication for managed applications using single sign-on technology
First Claim
1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program, when executed by the at least one computing device, being configured to cause the at least one computing device to at least:
receive an authentication request for a first client application executed in a client device;
receive data generated by a single sign-on credential from the client device as part of a single sign-on process, the single sign-on credential being configured to be used by a plurality of client applications of the client device;
verify the data generated by the single sign-on credential;
determine whether at least one supplementary authentication factor is required from a second client application by;
determining a version of an operating system of the client device; and
determining that the at least one second authentication factor should be requested when the version of the operating system corresponds to a particular operating system version;
when the at least one supplementary authentication factor is required, and prior to sending an authentication token to the first client application;
request the at least one supplementary authentication factor from the second client application;
receive the at least one supplementary authentication factor from the second client application; and
verify the at least one supplementary authentication factor prior to allowing the first client application to be authenticated in the single sign-on process;
in response to verifying the data generated by the single sign-on credential and verifying the at least one supplementary authentication factor from the second client application, generate the authentication token; and
send the authentication token to the first client application.
Abstract
Disclosed are various examples for facilitating multi-factor authentication for client applications that are configured to use single sign-on technology. An authentication request for a first client application executed in a client device is received by an identity provider. The identity provider then receives data generated by a single sign-on credential from the client device. The single sign-on credential is configured to be used by multiple client applications of the client device. The data generated by the single sign-on credential is verified by the identity provider. The identity provider requests one or more supplementary authentication factors from a second client application. The identity provider then receives the supplementary authentication factor(s) from the second client application and verifies the supplementary authentication factor(s). The identity provider generates an authentication token and sends the token to the first client application.
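The flow in the abstract, with the operating-system condition from claim 1, as an added sketch; it is not code from the patent or from any product. HMAC keys stand in for the single sign-on credential and the supplementary factor, and the class, method names and the OS version "9.0" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

STEP_UP_OS_VERSIONS = {"9.0"}  # constructed policy: OS versions that require a second factor

def sign(key, message):
    """Stand-in for a credential-backed response (HMAC-SHA256); an assumption of this sketch."""
    return hmac.new(key, message, hashlib.sha256).digest()

class IdentityProvider:
    def __init__(self, sso_keys, factor_secrets):
        self.sso_keys = sso_keys              # device_id -> key standing in for the SSO credential
        self.factor_secrets = factor_secrets  # device_id -> secret held by the second client app
        self.pending = {}                     # request_id -> state of an unfinished authentication

    def begin(self, device_id, app_id, os_version):
        """Authentication request for the first client application: hand back a nonce."""
        request_id, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        self.pending[request_id] = {"device": device_id, "app": app_id, "os": os_version,
                                    "nonce": nonce, "sso_ok": False, "challenge": None}
        return request_id, nonce

    def submit_sso(self, request_id, sso_data):
        """Verify the data generated by the SSO credential, then decide on step-up."""
        st = self.pending.get(request_id)
        if st is None or not hmac.compare_digest(
                sign(self.sso_keys[st["device"]], st["nonce"]), sso_data):
            self.pending.pop(request_id, None)
            return ("denied", None)
        st["sso_ok"] = True
        if st["os"] in STEP_UP_OS_VERSIONS:
            st["challenge"] = secrets.token_bytes(16)  # sent to the second client application
            return ("factor_required", st["challenge"])
        return ("token", self._issue(request_id))

    def submit_factor(self, request_id, response):
        """Verify the supplementary factor returned by the second client application."""
        st = self.pending.get(request_id)
        if st is None or not st["sso_ok"] or st["challenge"] is None:
            return ("denied", None)  # no factor is accepted before the SSO data is verified
        expected = sign(self.factor_secrets[st["device"]], st["challenge"])
        if not hmac.compare_digest(expected, response):
            del self.pending[request_id]  # a failed factor ends the attempt; no token is issued
            return ("denied", None)
        return ("token", self._issue(request_id))

    def _issue(self, request_id):
        st = self.pending.pop(request_id)  # one token per request, bound to the first app
        return f"token:{st['app']}:{secrets.token_hex(16)}"
```

The token for the first application is only produced inside `_issue`, which is reachable either directly after SSO verification (no step-up required) or after the second application's factor has been verified.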
20 Claims
1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program, when executed by the at least one computing device, being configured to cause the at least one computing device to at least:
receive an authentication request for a first client application executed in a client device;
receive data generated by a single sign-on credential from the client device as part of a single sign-on process, the single sign-on credential being configured to be used by a plurality of client applications of the client device;
verify the data generated by the single sign-on credential;
determine whether at least one supplementary authentication factor is required from a second client application by;
determining a version of an operating system of the client device; and
determining that the at least one second authentication factor should be requested when the version of the operating system corresponds to a particular operating system version;
when the at least one supplementary authentication factor is required, and prior to sending an authentication token to the first client application;
request the at least one supplementary authentication factor from the second client application;
receive the at least one supplementary authentication factor from the second client application; and
verify the at least one supplementary authentication factor prior to allowing the first client application to be authenticated in the single sign-on process;
in response to verifying the data generated by the single sign-on credential and verifying the at least one supplementary authentication factor from the second client application, generate the authentication token; and
send the authentication token to the first client application.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system, comprising:
at least one computing device; and
an identity provider service executable by the at least one computing device, the identity provider service configured to cause the at least one computing device to at least;
receive an authentication request for a first client application executed in a client device;
receive data generated by a single sign-on credential from the client device as part of a single sign-on process, the single sign-on credential being configured to be used by a plurality of client applications of the client device;
verify the data generated by the single sign-on credential;
determine whether at least one supplementary authentication factor is required from a second client application by;
determining a version of an operating system of the client device; and
determining that the at least one second authentication factor should be requested when the version of the operating system corresponds to a particular operating system version;
when the at least one supplementary authentication factor is required, and prior to sending an authentication token to the first client application;
request the at least one supplementary authentication factor from the second client application;
receive the at least one supplementary authentication factor from the second client application; and
verify the at least one supplementary authentication factor prior to allowing the first client application to be authenticated in the single sign-on process;
in response to verifying the data generated by the single sign-on credential and verifying the at least one supplementary authentication factor from the second client application, generate the authentication token; and
send the authentication token to the first client application.
Dependent claims: 9, 10, 11, 12
13. A method, comprising:
receiving an authentication request for a first client application executed in a client device;
receiving data generated by a single sign-on credential from the client device as part of a single sign-on process, the single sign-on credential being configured to be used by a plurality of client applications of the client device;
verifying the data generated by the single sign-on credential;
determining whether at least one supplementary authentication factor is required from a second client application by;
determining a version of an operating system of the client device; and
determining that the at least one second authentication factor should be requested when the version of the operating system corresponds to a particular operating system version;
when the at least one supplementary authentication factor is required, and prior to sending an authentication token to the first client application;
requesting the at least one supplementary authentication factor from the second client application;
receiving the at least one supplementary authentication factor from the second client application; and
verifying the at least one supplementary authentication factor prior to allowing the first client application to be authenticated in the single sign-on process;
in response to verifying the data generated by the single sign-on credential and verifying the at least one supplementary authentication factor from the second client application, generating the authentication token; and
sending the authentication token to the first client application.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification