IDENTITY SERVICES FOR ORGANIZATIONS TRANSPARENTLY HOSTED IN THE CLOUD

US 20130254847A1
Filed: 03/20/2012
Published: 09/26/2013
Est. Priority Date: 03/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method for establishing single identity on a cloud computing platform, comprising:

validating a user credential associated with a computer;

receiving an identification of a domain for which single identity is to be established from the computer;

in response to validating the user credential, configuring a directory service on the cloud computing platform for sign-ons from users of the domain;

determining to permit a log in to a second computer in response to determining that the directory service authorizes a credential associated with the log in; and

authorizing the credential associated with the log in to access a software service provided on the cloud computing platform in response to determining that the directory service authorized the credential associated with the log in.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are disclosed for establishing single identity/single-sign on (SSO) on a cloud computing platform. In an embodiment, a user is validated to the cloud computing platform, and identifies a domain. After establishing that the user has control of the domain, the cloud computing platform configures a directory service for the domain. The user may then use the directory service on the cloud computing platform to log in to his or her computer, as well as software services hosted on the cloud computing platform.

Citations

20 Claims

1. A method for establishing single identity on a cloud computing platform, comprising:
- validating a user credential associated with a computer;
  
  receiving an identification of a domain for which single identity is to be established from the computer;
  
  in response to validating the user credential, configuring a directory service on the cloud computing platform for sign-ons from users of the domain;
  
  determining to permit a log in to a second computer in response to determining that the directory service authorizes a credential associated with the log in; and
  
  authorizing the credential associated with the log in to access a software service provided on the cloud computing platform in response to determining that the directory service authorized the credential associated with the log in.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - determining that the domain has an on-premises directory service;
      
      in response to determining that the domain has the on-premises directory service, configuring a synchronization service on the cloud computing platform for replicating data between the directory service on the cloud computing platform and the on-premises directory service;
      
      receiving an indication of a virtual private network (VPN) endpoint and a credential to access the on-premises directory service;
      
      establishing, by the cloud computing platform, a VPN connection with the VPN endpoint, using the credential to access the on-premises directory service; and
      
      replicating credential data between the directory service on the cloud computing platform and the on-premises directory service using the synchronization service.
  - 3. The method of claim 1, wherein configuring the directory service on the cloud computing platform for sign-ons from users of the domain further comprises:
    - configuring a federation service on the cloud computing platform for users of the domain.
  - 4. The method of claim 1, wherein configuring the directory service on the cloud computing platform for sign-ons from users of the domain comprises:
    - determining that the domain is a public domain;
      
      in response to determining that the domain is a public domain, sending data to the computer;
      
      determining that the data is accessible at a known location in the domain;
  - 5. The method of claim 4, wherein determining that the data is accessible at the known location in the domain comprises:
    - determining that the data is stored within a mail exchanger (MX) record in the domain.
  - 6. The method of claim 4, wherein determining that the data is accessible at the known location in the domain comprises:
    - determining that the data is stored within a domain TXT record (text record) in the domain.
  - 7. The method of claim 1, wherein configuring the directory service on the cloud computing platform for sign-ons from users of the domain comprises:
    - determining that control of the domain need not be proven in response to determining that the domain is a private domain.

8. A system for establishing single identity on a cloud computing platform, comprising:
- a processor; and
  
  a memory communicatively coupled to the processor when the system is operational, the memory bearing processor-executable instructions that, when executed on the processor, cause the system to at least;
  
  validate a user credential associated with a computer;
  
  receive an identification of a domain for which single identity is to be established from the computer;
  
  in response to validating the user credential, configure a directory service on the cloud computing platform for sign-ons from users of the domain;
  
  determine to permit a log in to a second computer in response to determining that the directory service authorizes a credential associated with the log in; and
  
  authorize the credential associated with the log in to access a software service provided on the cloud computing platform in response to determining that the directory service authorized the credential associated with the log in.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the memory further bears processor-executable instructions that, when executed on the processor, cause the system to at least:
    - ;
      
      determine that the domain has an on-premises directory service;
      
      in response to determining that the domain has the on-premises directory service, configure a synchronization service on the cloud computing platform for replicating data between the directory service on the cloud computing platform and the on-premises directory service;
      
      receive an indication of a virtual private network (VPN) endpoint and a credential to access the on-premises directory service;
      
      establish, by the cloud computing platform, a VPN connection with the VPN endpoint, using the credential to access the on-premises directory service; and
      
      replicate credential data between the directory service on the cloud computing platform and the on-premises directory service using the synchronization service.
  - 10. The system of claim 8, wherein the instructions that, when executed on the processor, cause the system to at least configure the directory service on the cloud computing platform for sign-ons from users of the domain further cause the system to at least:
    - configure a federation service on the cloud computing platform for users of the domain.
  - 11. The system of claim 8, wherein the instructions that, when executed on the processor, cause the system to at least configure the directory service on the cloud computing platform for sign-ons from users of the domain further cause the system to at least:
    - determine that the domain is a public domain;
      
      in response to determining that the domain is a public domain, send data to the computer;
      
      determine that the data is accessible at a known location in the domain;
  - 12. The system of claim 11, wherein the instructions that, when executed on the processor, cause the system to at least determine that the data is accessible at the known location in the domain further cause the system to at least:
    - determine that the data is stored within a mail exchanger (MX) record in the domain.
  - 13. The system of claim 11, wherein the instructions that, when executed on the processor, cause the system to at least determine that the data is accessible at the known location in the domain further cause the system to at least:
    - determine that the data is stored within a domain TXT record (text record) in the domain.
  - 14. The system of claim 8, wherein the instructions that, when executed on the processor, cause the system to at least configure the directory service on the cloud computing platform for sign-ons from users of the domain further cause the system to at least:
    - determine that control of the domain need not be proven in response to determining that the domain is a private domain.

15. A computer-readable storage medium for establishing single identity on a cloud computing platform, bearing computer-executable instructions that when executed on a computer, cause the computer to perform operations comprising:
- validating a user credential associated with a first computer;
  
  receiving an identification of a domain for which single identity is to be established from the first computer;
  
  in response to validating the user credential, configuring a directory service on the cloud computing platform for sign-ons from users of the domain;
  
  determining to permit a log in to a second computer in response to determining that the directory service authorizes a credential associated with the log in; and
  
  authorizing the credential associated with the log in to access a software service provided on the cloud computing platform in response to determining that the directory service authorized the credential associated with the log in.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, further bearing computer-executable instructions that when executed on the computer, cause the computer to perform operations comprising:
    - determining that the domain has an on-premises directory service;
      
      in response to determining that the domain has the on-premises directory service, configuring a synchronization service on the cloud computing platform for replicating data between the directory service on the cloud computing platform and the on-premises directory service;
      
      receiving an indication of a virtual private network (VPN) endpoint and a credential to access the on-premises directory service;
      
      establishing, by the cloud computing platform, a VPN connection with the VPN endpoint, using the credential to access the on-premises directory service; and
      
      replicating credential data between the directory service on the cloud computing platform and the on-premises directory service using the synchronization service.
  - 17. The computer-readable storage medium of claim 15, wherein configuring the directory service on the cloud computing platform for sign-ons from users of the domain further comprises:
    - configuring a federation service on the cloud computing platform for users of the domain.
  - 18. The computer-readable storage medium of claim 15, wherein configuring the directory service on the cloud computing platform for sign-ons from users of the domain comprises:
    - determining that the domain is a public domain;
      
      in response to determining that the domain is a public domain, sending data to the computer;
      
      determining that the data is accessible at a known location in the domain;
  - 19. The computer-readable storage medium of claim 18, wherein determining that the data is accessible at the known location in the domain comprises:
    - determining that the data is stored within a mail exchanger (MX) record in the domain.
  - 20. The computer-readable storage medium of claim 18, wherein determining that the data is accessible at the known location in the domain comprises:
    - determining that the data is stored within a domain TXT record (text record) in the domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Didcock, Clifford N., Chander, Girish, Adams, Ross, Wells, Dean

Granted Patent

US 10,176,335 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

IDENTITY SERVICES FOR ORGANIZATIONS TRANSPARENTLY HOSTED IN THE CLOUD

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY SERVICES FOR ORGANIZATIONS TRANSPARENTLY HOSTED IN THE CLOUD

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links