Provisioning enterprise services provided by an infrastructure service server
First Claim
1. A method, comprising:
- receiving, at an enterprise mobility management (EMM) server, a first client certificate;
- sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;
- receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;
- sending the second client certificate to the IDP;
- using a trust relationship between the IDP and the EMM server to establish a secure communication channel;
- receiving, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;
- sending, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and
- receiving, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.
Abstract
Systems, methods, and software can be used to share content. In some aspects, an enterprise mobility management (EMM) server receives a command for provisioning a user for an enterprise service at an identity provider (IDP). The EMM server sends a user provisioning request to the IDP. The user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service. The EMM server receives a user provisioning response from the IDP. The user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.
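The exchange recited in claim 1, sketched as an added example that is not part of the patent text or of any product's code. The class names, message fields and in-memory "channel" are assumptions, and certificates are constructed byte strings compared by SHA-256 fingerprint, standing in for X.509 validation with proof of key possession over mutual TLS.

```python
import hashlib, hmac, secrets

def fp(cert: bytes) -> str:
    """SHA-256 fingerprint of a certificate blob (stand-in for X.509 validation)."""
    return hashlib.sha256(cert).hexdigest()

class Idp:
    def __init__(self, enrolled_fps):
        self.enrolled_fps = set(enrolled_fps)   # first client certs accepted for registration
        self.emm_fp = self.second_cert = None   # trust state, empty until registration
        self.users = {}                         # identity attribute -> entitlement attribute

    def register(self, first_cert, emm_credential):
        if fp(first_cert) not in self.enrolled_fps:
            raise PermissionError("unknown first client certificate")
        self.emm_fp = fp(first_cert)
        # The request for the second certificate carries the EMM's security credential.
        return {"want": "second_client_cert", "credential": emm_credential}

    def provision(self, first_cert, identity, entitlement):
        if self.second_cert is None or fp(first_cert) != self.emm_fp:
            raise PermissionError("no trust relationship with this caller")
        self.users[identity] = entitlement
        return {"provisioned": True, "user": identity, "idp_cert": self.second_cert}

class Emm:
    def __init__(self, first_cert):
        self.first_cert = first_cert
        self.credential = secrets.token_hex(16)  # constructed security credential
        self.second_fp = None

    def register_with(self, idp):
        req = idp.register(self.first_cert, self.credential)
        # Assumed check: only hand out the second cert if our credential came back.
        if not hmac.compare_digest(req["credential"], self.credential):
            raise PermissionError("certificate request does not carry our credential")
        second_cert = b"constructed-second-cert-" + secrets.token_bytes(8)
        self.second_fp = fp(second_cert)         # pinned for later IDP authentication
        idp.second_cert = second_cert            # "sending the second client certificate"

    def provision_user(self, idp, identity, entitlement):
        if self.second_fp is None:
            raise PermissionError("register before provisioning")
        resp = idp.provision(self.first_cert, identity, entitlement)
        if fp(resp["idp_cert"]) != self.second_fp:
            raise PermissionError("response not from the registered IDP")
        return resp["provisioned"]
```

Provisioning is refused in both directions until registration has pinned each side's certificate, which is the property the claim's "trust relationship" step relies on.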
14 Claims
1. A method, comprising:
- receiving, at an enterprise mobility management (EMM) server, a first client certificate;
- sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;
- receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;
- sending the second client certificate to the IDP;
- using a trust relationship between the IDP and the EMM server to establish a secure communication channel;
- receiving, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;
- sending, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and
- receiving, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.

Dependent claims: 2, 3, 4, 5
6. An enterprise mobility management (EMM) server, comprising:
- a memory; and
- at least one hardware processor communicatively coupled with the memory and configured to:
- receiving, at the EMM server, a first client certificate;
- sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;
- receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;
- sending the second client certificate to the IDP;
- using a trust relationship between the IDP and the EMM server to establish a secure communication channel;
- receive, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;
- send, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and
- receive, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.

Dependent claims: 7, 8, 9, 10
11. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising:
- receiving, at an enterprise mobility management (EMM) server, a first client certificate;
- sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;
- receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;
- sending the second client certificate to the IDP;
- using a trust relationship between the IDP and the EMM server to establish a secure communication channel;
- receiving, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;
- sending, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and
- receiving, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.

Dependent claims: 12, 13, 14
Specification