Enforcing restrictions on third-party accounts
First Claim
1. A method, comprising:
- receiving, via an authentication management service executed by at least one of one or more computing devices with memory, a request from a client to access account credentials for a network site;
determining, via the authentication management service, that the client corresponds to a user in an organization and the network site corresponds to a third-party network site under management by the organization, the third-party network site being operated by a third party that does not correspond to the organization;
determining, via the authentication management service, whether network traffic between the client and the third-party network site is routed via a proxy server application operated by the organization; and
denying, via the authentication management service, access of the client to a managed account with the third-party network site in response to determining that the network traffic between the client and the third-party network site is not routed via the proxy server application, wherein denying access of the client to the managed account comprises refraining from providing a security credential of the managed account to the client.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are various embodiments for management of third-party accounts for users in an organization. A request is received from a client corresponding to a user in an organization to access a third-party network site under management by the organization. The third-party network site is operated by a third party that does not correspond to the organization. It is determined whether network traffic between the client and the third-party network site is routed via a proxy server operated by the organization. Access of the client to a managed account with the third-party network site is denied in response to determining that the network traffic between the client and the third-party network site is not routed via the proxy server.
68 Citations
17 Claims
-
1. A method, comprising:
-
receiving, via an authentication management service executed by at least one of one or more computing devices with memory, a request from a client to access account credentials for a network site; determining, via the authentication management service, that the client corresponds to a user in an organization and the network site corresponds to a third-party network site under management by the organization, the third-party network site being operated by a third party that does not correspond to the organization; determining, via the authentication management service, whether network traffic between the client and the third-party network site is routed via a proxy server application operated by the organization; and denying, via the authentication management service, access of the client to a managed account with the third-party network site in response to determining that the network traffic between the client and the third-party network site is not routed via the proxy server application, wherein denying access of the client to the managed account comprises refraining from providing a security credential of the managed account to the client. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system, comprising:
-
at least one computing device with memory; and at least one application executable in the at least one computing device, wherein when executed the at least one application causes the at least one computing device to at least; receive a request from a client to access account credentials for a network site; determine that the client corresponds to a user in an organization and the network site corresponds to a third-party network site under management by the organization, the third-party network site being operated by a third party that does not correspond to the organization; determine whether network traffic between the client and the third-party network site is routed via a proxy server operated by the organization; and deny access of the client to a managed account with the third-party network site in response to determining that the network traffic between the client and the third-party network site is not routed via the proxy server, wherein denying access of the client to the managed account comprises refraining from providing a security credential of the managed account to the client. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A method, comprising:
-
receiving, via an authentication management service executed by at least one of one or more computing devices with memory, a request from a client to access account credentials for a network site; determining, via the authentication management service, that the client corresponds to a user in an organization and the network site corresponds to a third-party network site under management by the organization, the third-party network site being operated by a third party that does not correspond to the organization; determining, via the authentication management service, that network traffic between the client and the third-party network site is routed via a proxy server operated by the organization; and granting, via the authentication management service, access of the client to a managed account with the third-party network site in response to determining that the network traffic between the client and the third-party network site is routed via the proxy server, granting access of the client to the managed account comprises sending a security credential for the managed account to the client. - View Dependent Claims (17)
-
Specification