Multi-factor authentication for managed directories
First Claim
1. A computer-implemented method comprising:
obtaining, by an authentication service from a client device, a request to access a directory managed by a computer system, the request including a first set of credentials;
determining, by the computer system that manages the directory, that the first set of credentials is valid;
transmitting, by the authentication service to the client device, a second request to obtain a set of multi-factor authentication codes;
obtaining, by the authentication service from the client device, the set of multi-factor authentication codes;
as a result of the first set of credentials being valid and in response to obtaining the set of multi-factor authentication codes from the client device, providing, by the authentication service, the set of multi-factor authentication codes to a remote authentication dial in user service server for validation; and
as a result of the remote authentication dial in user service server validating the set of multi-factor authentication codes, issuing, by the authentication service, an access token to the client device to allow access to the directory.
Abstract
A user transmits a request to an authentication service to access a managed directory. The request may include a first set of credentials usable by a managed directory service to authenticate the user. As a result of the first set of credentials being valid, the authentication service may prompt the user to provide a multi-factor authentication code, which may be used by an authentication server to further authenticate the user and enable the user to access the managed directory. The authentication service subsequently provides the multi-factor authentication code to the authentication server for validation. If the multi-factor authentication code is valid, the authentication service may enable the user to access the managed directory through an encrypted communications session.
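The hand-off the abstract and claim 1 describe, the authentication service passing the user's multi-factor code to the RADIUS server for validation, is shown below as an added example; it is not code from the patent or its assignee. It assumes the deployment carries the one-time code in the RFC 2865 User-Password attribute of an Access-Request (the patent does not specify the attribute), and the shared secret, user name and code are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 1, 2  # RFC 2865 code / attribute types

def _hide(secret: bytes, authenticator: bytes, padded: bytes) -> bytes:
    # RFC 2865 5.2: block i XOR MD5(secret + previous hidden block); block 0 chains off the Request Authenticator.
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return bytes(out)

def _reveal(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    # Inverse of _hide: the chaining value is the hidden block just consumed, not the recovered one.
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(prev, key))
    return bytes(out)

def build_access_request(secret: bytes, identifier: int, user: str, mfa_code: str) -> bytes:
    """Authentication-service side: the MFA code (assumed to travel in User-Password) zero-padded and hidden."""
    authenticator = os.urandom(16)  # fresh per request; it also keys the password hiding
    raw = mfa_code.encode()
    hidden = _hide(secret, authenticator, raw.ljust(-(-len(raw) // 16) * 16, b"\0"))
    attrs = (struct.pack("BB", ATTR_USER_NAME, 2 + len(user)) + user.encode()
             + struct.pack("BB", ATTR_USER_PASSWORD, 2 + len(hidden)) + hidden)
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs

def recover_mfa_code(secret: bytes, packet: bytes) -> tuple:
    """RADIUS-server side: check framing, walk the TLV attributes, return (user, code) for the MFA backend to verify."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("malformed Access-Request")
    authenticator, pos, found = packet[4:20], 20, {}
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        found[atype] = packet[pos + 2:pos + alen]
        pos += alen
    user, hidden = found.get(ATTR_USER_NAME, b""), found.get(ATTR_USER_PASSWORD, b"")
    plain = _reveal(secret, authenticator, hidden).rstrip(b"\0")
    return user.decode(), plain.decode(errors="replace")
```

The MD5-based hiding only obscures the code against a passive observer who lacks the shared secret, which is why the leg between the authentication service and the RADIUS server is normally confined to a protected network path or wrapped in RadSec (RADIUS over TLS, RFC 6614).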
20 Claims
5. A system, comprising:
one or more processors; and
memory storing thereon a set of instructions that, as a result of being performed by the one or more processors, cause the system to at least:
obtain, from a first computer system, a request to access a directory managed by a second computer system operating within a network distinct from an on-premises customer network, the request including a first set of credentials;
provide the first set of credentials to the second computer system to cause the second computer system to determine whether the first set of credentials are valid;
obtain, from the first computer system, a second set of credentials, the second set of credentials being different from the first set of credentials;
as a result of the first set of credentials being determined to be valid by the second computer system, provide the second set of credentials to an authentication server to determine whether the second set of credentials are valid; and
as a result of the second set of credentials being determined to be valid by the authentication server, allow the first computer system to access the directory.
Dependent claims: 6, 7, 8, 9, 10, 11, 12.
13. A non-transitory computer-readable storage medium storing thereon a set of instructions that, as a result of being performed by one or more processors of a computer system, cause the computer system to at least:
in response to obtaining, from a second computer system, a request to access a directory, the directory being managed by another computer system operating within a network distinct from an on-premises customer network, and a first set of credentials, provide the first set of credentials to the other computer system to authenticate the second computer system;
transmit, to the second computer system, a second request for a second set of credentials;
obtain, from the second computer system, the second set of credentials; and
as a result of a determination, by the other computer system, that the first set of credentials is valid, provide the second set of credentials to an authentication server to authenticate the second computer system using the second set of credentials; and
as a result of the authentication server determining that the second set of credentials are valid and authenticating the second computer system, allow the second computer system to access the directory.
Dependent claims: 14, 15, 16, 17, 18, 19, 20.