Identity proxy to provide access control and single sign on
Abstract
Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.
39 Citations
19 Claims
1. A system, comprising:
a processor configured to:
receive a request associated with a first client app on a device to connect to the system, wherein the first client app is associated with a first cloud-based service;
determine that a secure tunnel associated with the device and a second cloud-based service exists, wherein a second client app is associated with the second cloud-based service, wherein the secure tunnel was used to authenticate the second client app to the second cloud-based service;
determine that information associated with the device is cached at the system;
use the determined information to obtain a security token to be used by the first client app to authenticate to the first cloud-based service; and
provide the security token to the first client app, wherein the secure tunnel and the security token are to be used by the client app to access the first cloud-based service;
monitor a compliance posture of the device; and
block access to the first cloud-based service based at least in part on an indication that the compliance posture of the device has changed; and
a memory coupled to the processor and configured to provide the processor with instructions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 18

14. A method, comprising:
receiving a request associated with a first client app on a device to connect to a security proxy server, wherein the first client app is associated with a first cloud-based service;
determining that a secure tunnel associated with the device and a second cloud-based service exists, wherein a second client app is associated with the second cloud-based service, wherein the secure tunnel was used to authenticate the second client app to the second cloud-based service;
determining that information associated with the device is cached at the security proxy server;
using the determined information to obtain a security token to be used by the first client app to authenticate to the first cloud-based service;
providing the security token to the first client app, wherein the secure tunnel and the security token are to be used by the client app to access the first cloud-based service;
monitoring a compliance posture of the device; and
blocking access to the first cloud-based service based at least in part on an indication that the compliance posture of the device has changed.
Dependent claims: 15, 16, 17

19. A computer program product to provide secure access to a cloud-based service, the computer program product being embodied in a non-transitory computer readable storage device and comprising computer instructions for:
receiving a request associated with a first client app on a device to connect to a security proxy server, wherein the first client app is associated with a first cloud-based service;
determining that a secure tunnel associated with the device and a second cloud-based service exists, wherein a second client app is associated with the second cloud-based service, wherein the secure tunnel was used to authenticate the second client app to the second cloud-based service;
determining that information associated with the device is cached at the security proxy server;
using the determined information to obtain a security token to be used by the first client app to authenticate to the first cloud-based service;
providing the security token to the first client app, wherein the secure tunnel and the security token are to be used by the client app to access the first cloud-based service;
monitoring a compliance posture of the device; and
blocking access to the cloud-based service based at least in part on an indication that the compliance posture of the device has changed.
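The abstract and the independent claims above describe one control flow: a security proxy that (a) checks that the device already has an authenticated tunnel to another service, (b) checks that it has cached information about that device, (c) asks the identity provider for a token for the second app, and (d) keeps monitoring device compliance and blocks access when the posture changes. The following Python model is an added illustration of that flow; it is not code from the patent or from any implementation by its assignee. The class and method names (IdentityProxy, IdentityProvider, Tunnel, DeviceRecord, request_token, update_posture, authorize), the HMAC-signed token format and the sample device and service identifiers are all this example's own assumptions.

```python
# Added example: toy model of the identity-proxy flow in the abstract and
# claims. Not the patent's own code; all names and the token format below
# are assumptions made for this illustration.
import hashlib
import hmac
import itertools
from dataclasses import dataclass


@dataclass
class Tunnel:
    """A secure tunnel already established between a device and one service."""
    device_id: str
    authenticated_app: str
    authenticated_service: str


@dataclass
class DeviceRecord:
    """Device information the proxy caches when the first tunnel is set up."""
    device_id: str
    user: str
    compliant: bool = True


class IdentityProvider:
    """Constructed stand-in for the IdP: mints HMAC-signed bearer tokens.
    A real IdP would issue OIDC/SAML assertions; HMAC keeps the example offline."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._serial = itertools.count(1)  # makes each token unique

    def issue(self, user: str, device_id: str, service: str) -> str:
        payload = f"{user}|{device_id}|{service}|{next(self._serial)}"
        mac = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{mac}"

    def verify(self, token: str, service: str) -> bool:
        """True only if the MAC is intact and the token names this service."""
        payload, _, mac = token.rpartition("|")
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(mac, expected) and payload.split("|")[2] == service


class IdentityProxy:
    """Security proxy: reuses an existing tunnel plus cached device information
    to obtain a token for a second app, and revokes access on posture change."""

    def __init__(self, idp: IdentityProvider) -> None:
        self._idp = idp
        self._tunnels: dict[str, Tunnel] = {}
        self._devices: dict[str, DeviceRecord] = {}
        self._issued: dict[str, tuple[str, str]] = {}  # token -> (device, service)

    def register_tunnel(self, tunnel: Tunnel, record: DeviceRecord) -> None:
        """Called once the second app authenticated through its own tunnel."""
        self._tunnels[tunnel.device_id] = tunnel
        self._devices[tunnel.device_id] = record

    def request_token(self, device_id: str, app: str, service: str):
        """Claim-1 flow for the first app. Returns (token, reason); token is
        None when any precondition fails."""
        if self._tunnels.get(device_id) is None:
            return None, "no existing tunnel for device"
        record = self._devices.get(device_id)
        if record is None:
            return None, "device information not cached"
        if not record.compliant:
            return None, "device not compliant"
        token = self._idp.issue(record.user, device_id, service)
        self._issued[token] = (device_id, service)
        return token, "ok"

    def update_posture(self, device_id: str, compliant: bool) -> int:
        """Compliance-monitor callback. A device that falls out of compliance
        has every outstanding token revoked; returns the number revoked."""
        record = self._devices[device_id]
        record.compliant = compliant
        if compliant:
            return 0
        revoked = [t for t, (dev, _) in self._issued.items() if dev == device_id]
        for t in revoked:
            del self._issued[t]
        return len(revoked)

    def authorize(self, token: str, service: str) -> bool:
        """Gate applied to each service request: signature intact, token still
        issued for this service, and the device still compliant."""
        if not self._idp.verify(token, service):
            return False
        issued = self._issued.get(token)
        if issued is None or issued[1] != service:
            return False
        return self._devices[issued[0]].compliant


if __name__ == "__main__":
    idp = IdentityProvider(b"constructed-demo-key")
    proxy = IdentityProxy(idp)
    proxy.register_tunnel(Tunnel("dev-1", "chat", "chat-svc"), DeviceRecord("dev-1", "alice"))
    token, reason = proxy.request_token("dev-1", "mail", "mail-svc")
    print(reason, proxy.authorize(token, "mail-svc"))
    proxy.update_posture("dev-1", compliant=False)
    print("after posture change:", proxy.authorize(token, "mail-svc"))
```

The two design points worth noting are that a token is bound to the service it was issued for (so a token obtained for one service is refused at another) and that revocation is driven by the posture monitor rather than by token expiry alone, which is what lets the proxy block access as soon as the compliance indication changes.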
Specification