EFFICIENT SINGLE SIGN-ON AND IDENTITY PROVIDER CONFIGURATION AND DEPLOYMENT IN A DATABASE SYSTEM
Abstract
Various techniques and procedures related to user authentication, identity providers, and single sign-on (SSO) are presented here. One approach creates an SSO link between two organizations in a streamlined manner using an internal cross-user systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates. Another approach presented here configures an identity provider service for an entity or organization by processing a single user command. The identity provider service is automatically configured in the background without processing any additional user commands, user instructions, or user-entered data.
32 Claims
1. A computer-implemented method of establishing single sign-on capabilities in a multi-tenant database system, the method comprising:
- maintaining a cross-tenant and cross-user systemwide digital certificate at the multi-tenant database system;
- receiving an instruction to create, for a user of the multi-tenant database system, a single sign-on link between a first organization of the multi-tenant database system and a second organization of the multi-tenant database system, the instruction identifying credential information for authenticating the user to the second organization; and
- in response to receiving the instruction, using the cross-tenant and cross-user systemwide digital certificate to create the single sign-on link for the user.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A single sign-on method for a computer-implemented database system, the method comprising:
- authenticating a user to a first organization supported by the database system;
- thereafter, receiving credential information for authenticating the user to a second organization supported by the database system;
- obtaining a user instruction to link, for the user, the first organization to the second organization;
- in response to receiving the user instruction, and without requiring a user-assigned digital certificate, creating a single sign-on link for the user between the first organization and the second organization.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16.
17. A computer system comprising a processor and a memory, wherein the memory comprises computer-executable instructions that, when executed by the processor, cause the computer system to:
- authenticate a user for access to a first organization supported by the database system;
- receive an instruction to create a single sign-on link for the user between the first organization and a second organization supported by the database system, wherein the instruction is issued while the user is an authenticated user of the first organization, and wherein the instruction includes or identifies credential information for authenticating the user to the second organization; and
- in response to receiving the instruction, create the single sign-on link using an internal cross-user systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates.
Dependent claims: 18, 19, 20.
21. A method of deploying an identity provider service for a computer-implemented system, the method comprising:
- receiving a user command;
- in response to receiving the user command, and without processing any additional user commands, user instructions, or user-entered data at the computer-implemented system, creating the identity provider service at the computer-implemented system; and
- after creating the identity provider service, and without processing any additional user commands, user instructions, or user-entered data at the computer-implemented system, configuring the identity provider service to allow the computer-implemented system to publish electronic identity information for its users.
Dependent claims: 22, 23, 24, 25, 26, 27.
28. A computer-implemented method of publishing electronic identity information for a user, the method comprising:
- providing a first markup language document for presentation to the user, the first markup language document defining an active graphical user interface (GUI) element;
- receiving a user command that indicates activation of the active GUI element;
- in response to receiving the user command, and without requiring any additional user commands, user instructions, or user-entered data, creating an identity provider service at the computer-implemented system; and
- thereafter, providing a second markup language document for presentation to the user, the second markup language document confirming successful configuration of the identity provider service.
Dependent claims: 29, 30, 31, 32.
Specification