Security tokens for a multi-tenant identity and data security management cloud service
First Claim
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management service, the providing comprising:
receiving a request from a client for obtaining an access token for a user to access a resource, the user, the client, and the resource each comprising entities of the cloud-based identity and access management service, wherein the client comprises a software application that has registered with the cloud-based identity and access management service;
determining, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource, wherein each entity of the identity and access management service belongs to one of a plurality of tenancies, and the tenancy of the client, tenancy of the user, and tenancy of the resource are determined from among the plurality of tenancies;
accessing a microservice of the cloud-based identity and access management service based on the request; and
performing an identity management service by the microservice based on the determined tenancies, wherein the identity management service includes generating the access token that identifies the tenancy of the resource, the tenancy of the client, and the tenancy of the user; and
using the generated access token to authenticate the user's access to the resource, wherein the user tenancy and resource tenancy are different.
Abstract
A system provides cloud-based identity and access management. The system receives a request from a client for obtaining an access token for a user to access a resource. The system determines, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource. The system accesses a microservice based on the request, and performs an identity management service by the microservice based on the request, where the identity management service includes generating the access token that identifies the tenancy of the resource and the tenancy of the user.
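The abstract and claims describe a token that carries three tenancy identifiers (user, client, resource) so that a resource in one tenancy can authenticate a user from another. The following is an added illustration of that idea, not code from the patent or from any product: a hypothetical token service mints an HMAC-signed token recording all three tenancies, and the resource side verifies the signature, the expiry, and that the token was minted for this resource in this tenancy. The signing key, tenant names, and claim names are constructed for the example. Beyond the text, the example also shows the check a resource should make so that a token minted for one tenancy's resource is not accepted by a resource in another tenancy.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key for the example only (not from the patent).
SIGNING_KEY = b"example-key-do-not-use-in-production"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used for compact tokens."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(user, user_tenancy, client_id, client_tenancy,
                       resource, resource_tenancy, key=SIGNING_KEY,
                       ttl=300, now=None):
    """Hypothetical token service: the token names the tenancy of the user,
    the client, and the resource, so a cross-tenant grant is explicit."""
    now = int(time.time()) if now is None else now
    payload = {
        "sub": user,
        "user_tenancy": user_tenancy,
        "client_id": client_id,
        "client_tenancy": client_tenancy,
        "resource": resource,
        "resource_tenancy": resource_tenancy,
        "iat": now,
        "exp": now + ttl,
    }
    body = _b64url(json.dumps(payload, sort_keys=True,
                              separators=(",", ":")).encode())
    sig = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_access_token(token, resource, resource_tenancy,
                        key=SIGNING_KEY, now=None):
    """Resource-side check. Returns (ok, reason, claims).

    The resource knows its own name and tenancy; it accepts the token only
    if the token was minted for exactly that resource in that tenancy. The
    user's tenancy may differ from the resource's, which is the
    cross-tenant case the abstract describes."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed", None
    expected = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    # Constant-time comparison of the signature strings.
    if not hmac.compare_digest(sig, expected):
        return False, "bad_signature", None
    claims = json.loads(_b64url_decode(body))
    if claims["exp"] <= now:
        return False, "expired", claims
    if (claims["resource"] != resource
            or claims["resource_tenancy"] != resource_tenancy):
        return False, "tenancy_mismatch", claims
    return True, "ok", claims


if __name__ == "__main__":
    # Constructed scenario: a user in tenancy "acme" uses a client registered
    # in "acme" to reach a resource that lives in tenancy "globex".
    tok = issue_access_token("alice", "acme", "reporting-app", "acme",
                             "orders-api", "globex", now=1_700_000_000)
    print(verify_access_token(tok, "orders-api", "globex", now=1_700_000_010))
    # The same token presented to the "acme" copy of the resource is refused.
    print(verify_access_token(tok, "orders-api", "acme", now=1_700_000_010))
```

The decisive check is the last one in `verify_access_token`: because the token binds the resource tenancy, a resource in tenancy A cannot be reached with a token that was minted for tenancy B, even though the user and client tenancies are legitimately different from the resource's.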
21 Claims
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management service, the providing comprising:
receiving a request from a client for obtaining an access token for a user to access a resource, the user, the client, and the resource each comprising entities of the cloud-based identity and access management service, wherein the client comprises a software application that has registered with the cloud-based identity and access management service;
determining, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource, wherein each entity of the identity and access management service belongs to one of a plurality of tenancies, and the tenancy of the client, tenancy of the user, and tenancy of the resource are determined from among the plurality of tenancies;
accessing a microservice of the cloud-based identity and access management service based on the request; and
performing an identity management service by the microservice based on the determined tenancies, wherein the identity management service includes generating the access token that identifies the tenancy of the resource, the tenancy of the client, and the tenancy of the user; and
using the generated access token to authenticate the user's access to the resource, wherein the user tenancy and resource tenancy are different.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A method of providing cloud-based identity and access management service, comprising:
receiving a request from a client for obtaining an access token for a user to access a resource, the user, the client, and the resource each comprising entities of the cloud-based identity and access management service, wherein the client comprises a software application that has registered with the cloud-based identity and access management service;
determining, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource, wherein each entity of the identity and access management service belongs to one of a plurality of tenancies, and the tenancy of the client, tenancy of the user, and tenancy of the resource are determined from among the plurality of tenancies;
accessing a microservice of the cloud-based identity and access management service based on the request; and
performing an identity management service by the microservice based on the determined tenancies, wherein the identity management service includes generating the access token that identifies the tenancy of the resource, the tenancy of the client, and the tenancy of the user; and
using the generated access token to authenticate the user's access to the resource, wherein the user tenancy and resource tenancy are different.
Dependent claims: 17, 18, 19, 20.
21. A system for providing cloud-based identity and access management service, comprising:
a receiving module that receives a request from a client for obtaining an access token for a user to access a resource, the user, the client, and the resource each comprising entities of the cloud-based identity and access management service, wherein the client comprises a software application that has registered with the cloud-based identity and access management service;
a determining module that determines, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource, wherein each entity of the identity and access management service belongs to one of a plurality of tenancies, and the tenancy of the client, tenancy of the user, and tenancy of the resource are determined from among the plurality of tenancies;
an accessing module that accesses a microservice of the cloud-based identity and access management service based on the request; and
a performing module of the microservice that, using a hardware processor, performs an identity management service based on the determined tenancies, wherein the identity management service includes generating the access token that identifies the tenancy of the resource, the tenancy of the client, and the tenancy of the user; and
an authentication module that authenticates the user's access to the resource, wherein the user tenancy and resource tenancy are different.