Identity proxy to provide access control and single sign on
First Claim
1. A system, comprising:
- a processor configured to:
receive a request associated with a first client app on a device to connect to a security proxy, wherein the first client app is associated with a first cloud-based service;
determine that a secure tunnel exists between the device and a second cloud-based service, wherein a second client app is associated with the second cloud-based service, wherein the secure tunnel was used to authenticate the second client app to the second cloud-based service;
use the existing secure tunnel to establish a connection to the security proxy and to authenticate the first client app to the first cloud-based service, wherein to authenticate the first client app to the first cloud-based service, cached user or device information associated with the second client app is used to obtain a first security token for the first cloud-based service, wherein the cached user or device information associated with the second client app was cached in connection with authenticating the second client app to access the second cloud-based service;
provide the first security token to the first client app, wherein the first client app is configured to use the first security token to gain access to the first cloud-based service;
grant access to the first cloud-based service based at least in part on an indication that a compliance posture of the device is in compliance; and
a memory coupled to the processor and configured to provide the processor with instructions.
3 Assignments
0 Petitions
Abstract
Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.
43 Citations
20 Claims
1. A system, comprising the elements set out in full under First Claim above.
Dependent claims: 2 to 13.
14. A method, comprising:
- receiving a request associated with a first client app on a device to connect to a security proxy, wherein the first client app is associated with a first cloud-based service;
- determining that a secure tunnel exists between the device and a second cloud-based service, wherein a second client app is associated with the second cloud-based service, wherein the secure tunnel was used to authenticate the second client app to the second cloud-based service;
- using the existing secure tunnel to establish a connection to the security proxy and to authenticate the first client app to the first cloud-based service, wherein to authenticate the first client app to the first cloud-based service, cached user or device information associated with the second client app is used to obtain a first security token for the first cloud-based service, wherein the cached user or device information associated with the second client app was cached in connection with authenticating the second client app to access the second cloud-based service;
- providing the first security token to the first client app, wherein the first client app is configured to use the first security token to gain access to the first cloud-based service; and
- granting access to the first cloud-based service based at least in part on an indication that a compliance posture of the device is in compliance.
Dependent claims: 15 to 18.
19. A computer program product to provide secure access to a cloud-based service, the computer program product being embodied in a non-transitory computer readable storage device and comprising computer instructions for:
- receiving a request associated with a first client app on a device to connect to a security proxy, wherein the first client app is associated with a first cloud-based service;
- determining that a secure tunnel exists between the device and a second cloud-based service, wherein a second client app is associated with the second cloud-based service, wherein the secure tunnel was used to authenticate the second client app to the second cloud-based service;
- using the existing secure tunnel to establish a connection to the security proxy and to authenticate the first client app to the first cloud-based service, wherein to authenticate the first client app to the first cloud-based service, cached user or device information associated with the second client app is used to obtain a first security token for the first cloud-based service, wherein the cached user or device information associated with the second client app was cached in connection with authenticating the second client app to access the second cloud-based service;
- providing the first security token to the first client app, wherein the first client app is configured to use the first security token to gain access to the first cloud-based service; and
- granting access to the first cloud-based service based at least in part on an indication that a compliance posture of the device is in compliance.
Dependent claims: 20.
Specification