Credential-free user login to remotely executed applications
First Claim
1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:
- receiving, with one or more processors executing a permission-management application, a first request to manage permissions of one or more users to access resources with client computing devices, wherein:
the permission-management application is configured to manage permissions for users of an organization to access a plurality of network-accessible applications;
the plurality of different network-accessible applications have different permission-management application program interfaces; and
the permission-management application is configured to manage permissions for users to access respective instances of a plurality of different native applications executing on the client computing devices;
determining, with the permission-management application, that the first request specifies a first user is to be de-permissioned for a first native application among the plurality of different native applications and, in response, sending via a network, with the permission-management application, instructions to a first client computing device to revoke the first user's authority to access the first native application;
receiving, with the permission-management application, a second request to manage permissions of one or more users to access resources with client computing devices; and
determining, with the permission-management application, that the second request specifies a second user is to be de-permissioned for a first network-accessible application among the plurality of network-accessible applications and, in response, sending via a network, with the permission-management application, instructions to an intermediary server to revoke the second user's authority to access the first network-accessible application, wherein the intermediary server is configured to automate control of login information for the first network-accessible application for the users of the organization.
Abstract
Provided is a process including: receiving, with an intermediary server, a request to access web content at a web server; submitting, from the intermediary server, a value by which possession of an access credential is demonstrated, wherein the value is withheld from the client web browser; receiving, by the intermediary web browser, instructions to store in web browser memory an access token; and sending, from the intermediary server, to the client web browser executing on the client computing device, instructions to store the access token in browser memory of the client web browser, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
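The flow in the abstract, together with the revocation at the intermediary server from the first claim, as an added in-memory sketch that is not code from the patent or its assignee. The class names, the "store_access_token" message and the ending of already-issued sessions on revocation are assumptions made for illustration.

```python
import hmac
import secrets

class WebApp:
    """Constructed stand-in for the web server hosting the application."""
    def __init__(self, accounts):
        self._accounts = accounts   # app account -> password
        self._sessions = {}         # access token -> app account

    def login(self, account, password):
        expected = self._accounts.get(account, "")
        if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = account
        return token

    def whoami(self, token):
        return self._sessions.get(token)

    def end_session(self, token):
        self._sessions.pop(token, None)

class Intermediary:
    """Holds the login information; clients only ever receive tokens."""
    def __init__(self, app, vault):
        self._app = app
        self._vault = vault         # org user -> (app account, password)
        self._issued = {}           # org user -> tokens handed out

    def broker_login(self, org_user):
        entry = self._vault.get(org_user)
        token = self._app.login(*entry) if entry else None
        if token is None:
            return None
        self._issued.setdefault(org_user, set()).add(token)
        return {"store_access_token": token}   # the password never leaves

    def revoke(self, org_user):
        self._vault.pop(org_user, None)        # no further brokered logins
        for token in self._issued.pop(org_user, set()):
            self._app.end_session(token)       # assumption: end live sessions too

def demo():
    password = "constructed-password"          # constructed sample value
    app = WebApp({"svc-alice": password})
    broker = Intermediary(app, {"alice": ("svc-alice", password)})
    msg = broker.broker_login("alice")
    token = msg["store_access_token"]
    before = app.whoami(token)
    broker.revoke("alice")
    return before, password in str(msg), app.whoami(token), broker.broker_login("alice")
```

Because the user never learns the password, de-permissioning only has to happen at the intermediary: removing the vault entry blocks new logins without rotating the application credential.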
20 Claims
20. A method, comprising:
- receiving, with one or more processors executing a permission-management application, a first request to manage permissions of one or more users to access resources with client computing devices, wherein:
the permission-management application is configured to manage permissions for users of an organization to access a plurality of network-accessible applications;
the plurality of different network-accessible applications have different permission-management application program interfaces; and
the permission-management application is configured to manage permissions for users to access respective instances of a plurality of different native applications executing on the client computing devices;
determining, with the permission-management application, that the first request specifies a first user is to be de-permissioned for a first native application among the plurality of different native applications and, in response, sending via a network, with the permission-management application, instructions to a first client computing device to revoke the first user's authority to access the first native application;
receiving, with the permission-management application, a second request to manage permissions of one or more users to access resources with client computing devices; and
determining, with the permission-management application, that the second request specifies a second user is to be de-permissioned for a first network-accessible application among the plurality of network-accessible applications and, in response, sending via a network, with the permission-management application, instructions to an intermediary server to revoke the second user's authority to access the first network-accessible application, wherein the intermediary server is configured to automate control of login information for the first network-accessible application for the users of the organization.
Specification