IDENTITY MANAGEMENT AND DEVICE ENROLLMENT IN A CLOUD SERVICE
First Claim
1. A method for brokering requests to enroll machines with one or more cloud-based applications using an enrollment service application executed by a processor circuit, the method comprising:
receiving an enrollment request at an enrollment service application from a first machine, the enrollment request including a first access token;
providing the first access token to an authorization service application via a network;
receiving, via the network and from the authorization service application, an indication of one or more data access scopes associated with the first access token;
in the event of the one or more data access scopes being valid, requesting a second access token from the authorization service application via the network;
receiving the second access token from the authorization service application via the network; and
providing, using the enrollment service application, machine-specific identification information to the authorization service application using the second access token, and to the first machine, the machine-specific identification information selected for use by the first machine for later data access to a cloud-based application.
Abstract
In various example embodiments, systems and methods for administering machine access to a cloud service are presented. A first device or machine can access an enrollment service in a cloud environment using user-based credential data. The enrollment service can request registration of the first device with an authorization service. If the authorization service accepts the request, then the authorization service can provide credential data for the first device to use to access one or more cloud-based services. In an example embodiment, a third party application provides devices and an enrollment service with credential data that can be used to facilitate device enrollment with cloud services.
20 Claims
1. A method for brokering requests to enroll machines with one or more cloud-based applications using an enrollment service application executed by a processor circuit, the method comprising:
- receiving an enrollment request at an enrollment service application from a first machine, the enrollment request including a first access token;
- providing the first access token to an authorization service application via a network;
- receiving, via the network and from the authorization service application, an indication of one or more data access scopes associated with the first access token;
- in the event of the one or more data access scopes being valid, requesting a second access token from the authorization service application via the network;
- receiving the second access token from the authorization service application via the network; and
- providing, using the enrollment service application, machine-specific identification information to the authorization service application using the second access token, and to the first machine, the machine-specific identification information selected for use by the first machine for later data access to a cloud-based application.

Dependent claims: 2, 3, 4, 5, 6.
7. A method for enabling data communication between a machine and a remote service application via a network, the method comprising:
- providing, using a first machine, user-based credential data to an authorization service application via a network;
- receiving, at the first machine and via the network, an authorization code from the authorization service application when the user-based credential data is valid;
- providing, using the first machine and via the network, the authorization code and a request for an access token to the authorization service application, and in response, receiving an access token from the authorization service application;
- providing, using the first machine, the access token and an enrollment request to an enrollment service application via the network, the enrollment request including a request for data access to a cloud-based application; and
- receiving, from the enrollment service application, machine credential data selected by the enrollment service application to permit the first machine later access to the cloud-based application.

Dependent claims: 8, 9, 10, 11, 12.
13. A method for administering machine access to a cloud service application, the method comprising:
- accessing, by a computer system corresponding to a first machine, an enrollment service application executed on an enrollment server, the accessing permitted for a specified reference duration based on user credential data of a user of the first machine;
- using the enrollment service, providing a request via a network to an authorization service application to register the first machine with the authorization service application;
- in response to the request to register the first machine with the authorization service application, using the authorization service application, providing via the network an indication of authorized machine credential data, corresponding to the first machine, to the enrollment service application; and
- in response to successfully enrolling the first machine with the enrollment service application, receiving the authorized machine credential data at the first machine, the authorized machine credential data configured to grant the first machine data access to one or more cloud-based services.

Dependent claims: 14, 15, 16, 17, 18, 19, 20.