SINGLE SIGN-ON IDENTITY MANAGEMENT BETWEEN LOCAL AND REMOTE SYSTEMS
First Claim
1. A computer-implemented method for providing single sign-on to remote or cloud-based computing resources, comprising:
requesting, via a local network computer, access to a cloud-based resource;
passing a request from the local network computer to a local directory services system for a service ticket associated with a cloud-based directory services system through which access may be granted to the cloud-based resource;
passing the service ticket associated with the cloud-based directory services system from the local network computer to the cloud-based directory services system for validating a requesting user associated with the requesting local network computer for access to the requested cloud-based resource;
receiving from the cloud-based directory services system validation of the service ticket by the cloud-based directory services system for authenticating the requesting user for access to the requested cloud-based resource; and
receiving at the requesting local network computer authorization to access the requested cloud-based resource.
1 Assignment
0 Petitions
Abstract
Single sign-on identity management between local and cloud-based systems is provided. A remote or cloud-based authentication endpoint is registered as a local device, service or resource in a user's local directory services system. A local device and associated user requesting access to cloud-based resources will then see the authentication endpoint as an internal (inside the enterprise) server and may supply an authentication ticket which includes on-premises log-in or sign-on identity for the user. The remote or cloud-based authentication endpoint may then validate the authentication ticket, and the user may then access devices, applications and services operated in association with the remote or cloud-based authentication endpoint without a second or separate log-in or sign-on and without use of additional authentication equipment at the user's enterprise network.
98 Citations
20 Claims
1. A computer-implemented method for providing single sign-on to remote or cloud-based computing resources (independent claim, set out in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A computer-implemented method for providing single sign-on to cloud-based computing resources, comprising:
registering a cloud-based authentication endpoint as an intranet addressed system for allowing access to the cloud-based authentication endpoint from an intranet device requesting access to a cloud-based resource;
receiving at the cloud-based authentication endpoint a request from the intranet device for access to the cloud-based resource;
returning an authentication error code indicating the request cannot be authenticated;
in response to the authentication error code, receiving at the cloud-based authentication endpoint a service ticket from a local directory services system associated with the intranet device; and
at the cloud-based authentication endpoint, validating the received service ticket and authenticating a requesting user associated with the requesting intranet device for access to the cloud-based resource.
Dependent claims: 17, 18.
19. A system for providing single sign-on to remote computing resources, comprising:
one or more computer processors;
a memory operatively associated with the one or more processors; and
a single sign-on installation tool operative to:
create a computer identification object for a remote authentication endpoint against which authentication may be made to or for a local network computer requiring access to one or more remote resources;
create a unique identifier for the remote authentication endpoint in association with a local directory services system for linking the remote authentication endpoint with the local network computer in association with the local directory services system in which the local network computer operates;
designate the remote authentication endpoint as a local addressed system accessible by the local network computer via the local directory services system;
the local directory services system associated with the local network computer operative to generate and send an authentication service ticket to the remote authentication endpoint for authenticating access by a requesting user via the local network computer to the one or more remote resources in response to a single sign-on attempt to the one or more remote resources.
Dependent claim: 20.
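The three independent claims describe one flow from different vantage points: an install tool registers the cloud endpoint in the local directory with a service identifier and a shared key (claim 19), a client request is answered with an authentication error that sends the client to its local directory for a service ticket (claim 16), and the endpoint validates that ticket on its own without contacting the local directory (claim 1). The following is an added example written for this page, not code from the patent or its assignee. It models that exchange in the style of a Kerberos/SPNEGO deployment, which the patent does not name; the realm, the SPN `HTTP/cloud-auth.corp.example`, the class and function names and the 401/`Negotiate` challenge are all assumptions. Real Kerberos encrypts the ticket under the service's long-term key; the toy ticket here is instead authenticated with an HMAC under that key, which is enough to show what the endpoint must check (key, target service, lifetime, replay) and what the local directory must hold.

```python
"""Added example (not the patent's code): a toy model of the claimed SSO flow."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed identifiers for the example (assumptions, not taken from the patent text).
REALM = "CORP.EXAMPLE"
CLOUD_SPN = "HTTP/cloud-auth.corp.example"  # cloud endpoint's intranet-style service principal name


def _canonical(obj):
    """Stable serialization so the HMAC covers exactly what the verifier re-serializes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class LocalDirectory:
    """Stand-in for the on-premises directory services system (the KDC role in Kerberos)."""

    def __init__(self, realm, clock=time.time):
        self.realm = realm
        self.clock = clock
        self.service_keys = {}  # SPN -> long-term key shared with that registered service

    def register_service(self, spn):
        """Claim 19's install step: create the object for the remote endpoint under a unique
        identifier (SPN). The key returned here is the only trust the endpoint needs later."""
        key = secrets.token_bytes(32)
        self.service_keys[spn] = key
        return key

    def issue_service_ticket(self, user, spn, lifetime=300):
        """Claim 1: the local directory issues a service ticket naming the cloud SPN.
        Toy format: HMAC over the ticket body under the service key (real Kerberos encrypts)."""
        if spn not in self.service_keys:
            raise KeyError(f"no service principal registered for {spn}")
        now = int(self.clock())
        body = {"cname": user, "crealm": self.realm, "sname": spn,
                "iat": now, "exp": now + lifetime, "nonce": secrets.token_hex(8)}
        mac = hmac.new(self.service_keys[spn], _canonical(body), hashlib.sha256).digest()
        wrapper = {"body": body, "mac": base64.b64encode(mac).decode()}
        return base64.b64encode(_canonical(wrapper)).decode()


class CloudAuthEndpoint:
    """Stand-in for the cloud-based authentication endpoint (claim 16)."""

    def __init__(self, spn, service_key, clock=time.time):
        self.spn = spn
        self.key = service_key
        self.clock = clock
        self.seen_nonces = set()  # replay cache for tickets already accepted

    def handle(self, request):
        """Returns (status, headers, body). A request without a ticket gets the
        'cannot be authenticated' error that sends the client to its local directory."""
        auth = request.get("headers", {}).get("Authorization")
        if not auth or not auth.startswith("Negotiate "):
            return 401, {"WWW-Authenticate": "Negotiate"}, ""
        user = self.validate_ticket(auth[len("Negotiate "):])
        if user is None:
            return 401, {"WWW-Authenticate": "Negotiate"}, "ticket rejected"
        return 200, {}, f"granted {request['path']} to {user}"

    def validate_ticket(self, token):
        """Every check is local to the endpoint; the on-premises directory is never consulted."""
        try:
            wrapper = json.loads(base64.b64decode(token))
            body, mac = wrapper["body"], base64.b64decode(wrapper["mac"])
        except (ValueError, KeyError, TypeError):
            return None
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None  # forged, or issued under some other service's key
        if body.get("sname") != self.spn:
            return None  # ticket was issued for a different service
        now = int(self.clock())
        if not (body["iat"] - 300 <= now < body["exp"]):
            return None  # expired, or outside the clock-skew window
        if body["nonce"] in self.seen_nonces:
            return None  # replayed ticket
        self.seen_nonces.add(body["nonce"])
        return f'{body["cname"]}@{body["crealm"]}'


def sign_on(user, directory, endpoint, path="/app/report"):
    """Claim 1 from the client's side: request, receive the challenge, fetch a ticket
    from the local directory, retry with it. Returns the final HTTP-style status."""
    status, headers, _ = endpoint.handle({"path": path, "headers": {}})
    if status != 401 or headers.get("WWW-Authenticate") != "Negotiate":
        return status
    ticket = directory.issue_service_ticket(user, endpoint.spn)
    status, _, _ = endpoint.handle({"path": path, "headers": {"Authorization": "Negotiate " + ticket}})
    return status


if __name__ == "__main__":
    ad = LocalDirectory(REALM)
    svc_key = ad.register_service(CLOUD_SPN)  # done once by the install tool of claim 19
    cloud = CloudAuthEndpoint(CLOUD_SPN, svc_key)
    print(sign_on("alice", ad, cloud))
```

The design point worth noting is where the trust lives: the only secret the cloud endpoint holds is the key created when it was registered in the local directory, so the endpoint can authenticate tickets without a second log-in and without reaching back into the enterprise network, exactly as the abstract describes. That also means the registration key is the asset to protect; anyone holding it can mint tickets for any user of the realm, so the `sname`, lifetime and replay checks in `validate_ticket` limit what a stolen ticket can do, not what a stolen key can do.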
Specification