Cross cloud application access
First Claim
1. A computer-implemented method for a security endpoint of a non-isolated public cloud computing environment that permits data access in accordance with a non-isolated scope, the method comprising:
receiving a login request related to an application, wherein the application operates in the non-isolated public cloud computing environment, and wherein the login request corresponds to a user of the application;
sending a lookup query to a directory service, wherein the lookup query includes information related to an identity of the user;
receiving a lookup response from the directory service;
in response to the lookup response indicating that the user belongs to the non-isolated public cloud computing environment:
requesting an authentication credential from a client device of the user, validating the authentication credential, and in response to successful validation of the authentication credential, providing an identity token to the client device; and
in response to the lookup response indicating that the user belongs to one of a plurality of isolated sovereign cloud computing environments, redirecting the client device to a security endpoint of the one of the plurality of isolated sovereign cloud computing environments, wherein the plurality of isolated sovereign cloud computing environments restrict data access in accordance with an isolated scope.
Abstract
A computer-implemented method for a security endpoint of a non-isolated computing environment includes receiving a login request related to an application within that environment. The login request corresponds to a user of the application. The method includes sending a lookup query, including information related to an identity of the user, to a directory service. The method includes receiving a lookup response from the directory service. The method includes, in response to the lookup response indicating that the user belongs to the non-isolated computing environment, requesting an authentication credential from a client device of the user, validating the authentication credential, and in response to successful validation of the authentication credential, providing an identity token to the client device. The method includes, in response to the lookup response indicating that the user belongs to an isolated computing environment, redirecting the client device to a security endpoint of the isolated computing environment.
20 Claims
1. A computer-implemented method for a security endpoint of a non-isolated public cloud computing environment that permits data access in accordance with a non-isolated scope, the method comprising:
receiving a login request related to an application, wherein the application operates in the non-isolated public cloud computing environment, and wherein the login request corresponds to a user of the application;
sending a lookup query to a directory service, wherein the lookup query includes information related to an identity of the user;
receiving a lookup response from the directory service;
in response to the lookup response indicating that the user belongs to the non-isolated public cloud computing environment:
requesting an authentication credential from a client device of the user, validating the authentication credential, and in response to successful validation of the authentication credential, providing an identity token to the client device; and
in response to the lookup response indicating that the user belongs to one of a plurality of isolated sovereign cloud computing environments, redirecting the client device to a security endpoint of the one of the plurality of isolated sovereign cloud computing environments, wherein the plurality of isolated sovereign cloud computing environments restrict data access in accordance with an isolated scope.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A security endpoint of a non-isolated public cloud computing environment that permits data access in accordance with a non-isolated scope, the security endpoint comprising:
a computer-readable storage device configured to store computer-executable instructions; and
a processing device configured to execute the computer-executable instructions, which upon execution by the processing device, control the security endpoint to perform:
receiving a login request related to an application, wherein the application operates in the non-isolated public cloud computing environment, and wherein the login request corresponds to a user of the application;
sending a lookup query to a directory service, wherein the lookup query includes information related to an identity of the user;
receiving a lookup response from the directory service;
in response to the lookup response indicating that the user belongs to the non-isolated public cloud computing environment:
requesting an authentication credential from a client device of the user, validating the authentication credential, and in response to successful validation of the authentication credential, providing an identity token to the client device; and
in response to the lookup response indicating that the user belongs to one of a plurality of isolated sovereign cloud computing environments, redirecting the client device to a security endpoint of the one of the plurality of isolated sovereign cloud computing environments, wherein the plurality of isolated sovereign cloud computing environments restrict data access in accordance with an isolated scope.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
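The abstract and claims 1 and 11 describe one routing decision made by the public-cloud security endpoint: look the user's identity up in a directory, then either run the credential challenge locally and issue an identity token, or redirect the client to the security endpoint of the sovereign cloud that owns the identity. The following is an added illustration of that decision in Python; it is not the patent holder's code, and the directory contents, endpoint URLs, credential store and the `handle_login` / `LoginRequest` names are all constructed for the example. It goes slightly beyond the claims in two defensive details that the text leaves open: redirects are only ever issued to a fixed map of pre-registered sovereign endpoints, and an identity the directory does not know gets a generic denial rather than a redirect.

```python
"""Model of the cross-cloud login routing described in the abstract and claims.
Added example, not the patent's own code; all data below is constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed directory: identity -> environment that owns it.
DIRECTORY = {
    "alice@example.test": "public",
    "bob@example.test": "sovereign-eu",
    "carol@example.test": "sovereign-gov",
}

# Constructed allowlist of sovereign security endpoints. Redirecting only to
# entries of this fixed map keeps the flow from acting as an open redirector
# (assumption: the patent text does not say how the target is chosen).
SOVEREIGN_ENDPOINTS = {
    "sovereign-eu": "https://login.sovereign-eu.example.test/authorize",
    "sovereign-gov": "https://login.sovereign-gov.example.test/authorize",
}

# Constructed credential store for public-cloud users (salted SHA-256 digests).
_SALT = b"constructed-salt"
PUBLIC_CREDENTIALS = {
    "alice@example.test": hashlib.sha256(_SALT + b"correct horse").hexdigest(),
}


@dataclass
class LoginRequest:
    app_id: str
    user: str
    credential: Optional[str] = None  # absent on the first round trip


def lookup_home_environment(user: str) -> Optional[str]:
    """Directory lookup query/response: which environment owns this identity?"""
    return DIRECTORY.get(user)


def validate_credential(user: str, credential: str) -> bool:
    """Constant-time comparison of the presented credential's digest."""
    expected = PUBLIC_CREDENTIALS.get(user)
    if expected is None:
        return False
    presented = hashlib.sha256(_SALT + credential.encode()).hexdigest()
    return hmac.compare_digest(expected, presented)


def handle_login(req: LoginRequest) -> dict:
    """Return the endpoint's next action for one login request."""
    home = lookup_home_environment(req.user)

    if home == "public":
        # User belongs to this environment: challenge, validate, issue token.
        if req.credential is None:
            return {"action": "request_credential", "user": req.user}
        if not validate_credential(req.user, req.credential):
            return {"action": "deny", "reason": "invalid_credential"}
        token = secrets.token_urlsafe(32)  # stand-in for a signed identity token
        return {"action": "issue_token", "token": token, "app_id": req.app_id}

    if home in SOVEREIGN_ENDPOINTS:
        # User belongs to an isolated sovereign cloud: no credential is
        # collected here; the client is sent to that cloud's own endpoint.
        return {"action": "redirect", "location": SOVEREIGN_ENDPOINTS[home]}

    # Unknown identity or unregistered environment: generic denial, no
    # redirect, so the endpoint neither confirms directory contents nor
    # forwards the client to an unvetted location.
    return {"action": "deny", "reason": "unknown_identity"}


if __name__ == "__main__":
    for req in (
        LoginRequest("app1", "alice@example.test"),
        LoginRequest("app1", "alice@example.test", "correct horse"),
        LoginRequest("app1", "bob@example.test"),
        LoginRequest("app1", "mallory@example.test"),
    ):
        print(req.user, "->", handle_login(req)["action"])
```

The point worth noticing is that a sovereign-cloud user's credential never reaches the public endpoint: the decision to redirect is made from the directory response alone, before any challenge, which is what keeps the isolated scope isolated.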