Policy enforcement point for a multi-tenant identity and data security management cloud service
First Claim
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management for a plurality of tenancies, the providing comprising:
receiving a request by a cloud gate for an identity management service for reaching an application, the request having a corresponding request endpoint that also requires access to a resource of the application;
determining a tenancy of the plurality of tenancies from a header value of the request;
looking up a policy configured to be applied for the tenancy, the policy indicating whether access to the resource by the request endpoint is allowed and a method of access;
applying the policy to the request including the method of access; and
sending the request to a microservice based on a result of the applying of the policy to the request when the policy determines that access to the resource is allowed, wherein the microservice performs the identity management service for reaching the application.
Abstract
A system provides cloud-based identity and access management. The system receives a request by a web gate for an identity management service for reaching an application, and determines a tenancy from a header value of the request. The system looks up a policy configured to be applied for the tenancy, and applies the policy to the request. The system then sends the request to a microservice based on a result of the applying of the policy to the request, where the microservice performs the identity management service for reaching the application.
20 Claims
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management for a plurality of tenancies, the providing comprising:
receiving a request by a cloud gate for an identity management service for reaching an application, the request having a corresponding request endpoint that also requires access to a resource of the application;
determining a tenancy of the plurality of tenancies from a header value of the request;
looking up a policy configured to be applied for the tenancy, the policy indicating whether access to the resource by the request endpoint is allowed and a method of access;
applying the policy to the request including the method of access; and
sending the request to a microservice based on a result of the applying of the policy to the request when the policy determines that access to the resource is allowed, wherein the microservice performs the identity management service for reaching the application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method of providing cloud-based identity and access management for a plurality of tenancies, comprising:
receiving a request by a cloud gate for an identity management service for reaching an application, the request having a corresponding request endpoint that also requires access to a resource of the application;
determining a tenancy of the plurality of tenancies from a header value of the request;
looking up a policy configured to be applied for the tenancy, the policy indicating whether access to the resource by the request endpoint is allowed and a method of access;
applying the policy to the request including the method of access; and
sending the request to a microservice based on a result of the applying of the policy to the request when the policy determines that access to the resource is allowed, wherein the microservice performs the identity management service for reaching the application.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A system for providing cloud-based identity and access management for a plurality of tenancies, comprising:
a processor executing stored instructions to implement a plurality of modules, the modules comprising:
a receiving module that receives a request by a cloud gate for an identity management service for reaching an application, the request having a corresponding request endpoint that also requires access to a resource of the application;
a determining module that determines a tenancy of the plurality of tenancies from a header value of the request;
a look up module that looks up a policy configured to be applied for the tenancy, the policy indicating whether access to the resource by the request endpoint is allowed and a method of access;
an applying module that applies the policy to the request including the method of access; and
a sending module that sends the request to a microservice based on a result of the applying of the policy to the request when the policy determines that access to the resource is allowed, wherein the microservice performs the identity management service for reaching the application.
Dependent claims: 19, 20.
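The abstract and independent claims 1, 10 and 18 all describe the same enforcement sequence: take the tenancy from a request header, look up that tenancy's policy, check whether the request endpoint may reach the resource and with which method of access, and forward to the identity-management microservice only on an allow result. The following Python is an added illustration of that sequence written for this page; it is not code from the patent or from the assignee. The header name, tenancy names, endpoints, resource names and microservice names are constructed assumptions, and the policy is modelled as a per-tenancy table keyed on (endpoint, resource) with the set of permitted methods as the value.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample policies for two tenancies (names are assumptions).
# Key: (request endpoint, application resource). Value: allowed access methods.
POLICIES = {
    "acme": {("/app/orders", "orders"): {"GET", "POST"}},
    "globex": {("/app/orders", "orders"): {"GET"}},
}

# Which identity-management microservice serves each endpoint (assumed names).
ROUTES = {"/app/orders": "orders-idm-microservice"}

TENANCY_HEADER = "x-tenant-id"                      # assumed header name
TENANCY_PATTERN = re.compile(r"^[a-z0-9-]{1,63}$")  # only well-formed tenancy ids


@dataclass
class Request:
    method: str
    endpoint: str
    resource: str
    headers: dict


@dataclass
class Decision:
    allowed: bool
    reason: str
    tenancy: Optional[str] = None
    microservice: Optional[str] = None


def determine_tenancy(headers: dict) -> Optional[str]:
    """Derive the tenancy from the request header value (claim step 2).

    Header names are matched case-insensitively; a value that does not look
    like a tenancy identifier yields None so the caller denies the request.
    """
    for name, value in headers.items():
        if name.lower() == TENANCY_HEADER:
            value = value.strip().lower()
            return value if TENANCY_PATTERN.match(value) else None
    return None


def enforce(req: Request, policies=POLICIES, routes=ROUTES) -> Decision:
    """Policy enforcement point: look up and apply the tenancy's policy.

    Every branch that is not an explicit allow returns a deny, so an unknown
    tenancy, an unconfigured endpoint/resource pair or an unlisted method is
    never forwarded (default deny).
    """
    tenancy = determine_tenancy(req.headers)
    if tenancy is None:
        return Decision(False, "missing or malformed tenancy header")

    policy = policies.get(tenancy)
    if policy is None:
        return Decision(False, "no policy configured for tenancy", tenancy)

    allowed_methods = policy.get((req.endpoint, req.resource))
    if not allowed_methods:
        return Decision(False, "endpoint may not access resource", tenancy)

    if req.method.upper() not in allowed_methods:
        return Decision(False, f"method {req.method} not allowed", tenancy)

    microservice = routes.get(req.endpoint)
    if microservice is None:
        return Decision(False, "no microservice registered for endpoint", tenancy)

    # Allow: the request is sent on to the microservice that performs the
    # identity management service for the application.
    return Decision(True, "allowed", tenancy, microservice)


if __name__ == "__main__":
    sample = Request("POST", "/app/orders", "orders", {"X-Tenant-Id": "globex"})
    print(enforce(sample))
```

Two design points follow from the claim language. First, because the tenancy is taken from a header, the cloud gate that receives the request must be the only path to this enforcement point and must itself set or verify that header, otherwise the per-tenancy policy lookup is keyed on a value the caller controls; the example therefore validates the value's format and denies any tenancy without a configured policy rather than falling back to a default policy. Second, the method of access is part of the policy, not an afterthought: a tenancy that allows GET on a resource does not thereby allow POST, which the globex sample above demonstrates.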