Method for providing access control to single sign-on computer networks
Abstract
A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
12 Claims
1. A method for providing access control to a single sign-on computer network, said method comprising:
- associating a user to a plurality of groups, wherein each of said plurality of groups has a set of policy defined parameters utilized to grant the user access request to network resources;
- in response to an access request by said user, determining a group pass count based on a user profile of said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile;
- granting said access request if said group pass count is greater than a predetermined high group pass threshold value;
- denying said access request if said group pass count is lower than a predetermined low group pass threshold value; and
- sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.

Dependent claims: 2, 3, 4
5. A computer-readable medium storing computer-executable instructions for providing access control to a single sign-on computer network, said computer-executable instructions performing a method comprising:
- associating a user to a plurality of groups, wherein each of said plurality of groups has a set of policy defined parameters utilized to grant the user access request to network resources;
- determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile;
- granting said access request if said group pass count is greater than a predetermined high group pass threshold value; and
- denying said access request if said group pass count is lower than a predetermined low group pass threshold value; and
- sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.

Dependent claims: 6, 7, 8
9. A data processing system capable of providing access control to a single sign-on computer network, said data processing system comprising:
- means for associating a user to a plurality of groups, wherein each of said plurality of groups has a set of policy defined parameters utilized to grant the user access request to network resources;
- means for determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile;
- means for granting said access request if said group pass count is greater than a predetermined high group pass threshold value, and denying said access request if said group pass count is lower than a predetermined low group pass threshold value; and
- sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.

Dependent claims: 10, 11, 12
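The decision procedure recited in the abstract and in claim 1, as an added Python sketch that is not code from the patent. The group names, profile fields, the thresholds 3 and 2, the "undetermined" outcome for counts between the thresholds, and the severity scale (distance below the low threshold) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Profile = Dict[str, object]

@dataclass
class Group:
    name: str
    # Policy-defined parameters, modelled as predicates over the user profile.
    requirements: List[Callable[[Profile], bool]]

    def is_met_by(self, profile: Profile) -> bool:
        return all(req(profile) for req in self.requirements)

def group_pass_count(groups: List[Group], profile: Profile) -> int:
    """Number of the user's groups whose access requirements the profile meets."""
    return sum(g.is_met_by(profile) for g in groups)

def decide(groups, profile, high, low, notify_admin) -> Tuple[str, int, Optional[int]]:
    if low > high:
        raise ValueError("low threshold must not exceed high threshold")
    count = group_pass_count(groups, profile)
    if count > high:   # strictly greater than the high threshold
        return "grant", count, None
    if count < low:    # strictly lower than the low threshold
        # Assumption: deviation from normal access = distance below the low threshold.
        severity = low - count
        notify_admin(profile.get("user"), severity)
        return "deny", count, severity
    # The claims do not state an outcome for counts between the two thresholds.
    return "undetermined", count, None

# Constructed sample policy: four groups the user is associated with.
GROUPS = [
    Group("engineering", [lambda p: p.get("department") == "engineering"]),
    Group("mfa-enrolled", [lambda p: p.get("mfa") is True]),
    Group("managed-device", [lambda p: p.get("device_managed") is True]),
    Group("office-hours", [lambda p: 8 <= p.get("login_hour", -1) < 18]),
]
# Constructed sample profiles, one per outcome.
PROFILES = [
    {"user": "alice", "department": "engineering", "mfa": True, "device_managed": True, "login_hour": 10},
    {"user": "bob", "department": "engineering", "mfa": True, "device_managed": True, "login_hour": 23},
    {"user": "carol", "department": "engineering", "mfa": False, "device_managed": False, "login_hour": 23},
    {"user": "dave", "department": "sales", "login_hour": 3},
]
ALERTS: List[Tuple[object, int]] = []   # stands in for the administrator channel

def run_samples(high: int = 3, low: int = 2):
    notify = lambda user, sev: ALERTS.append((user, sev))
    return [decide(GROUPS, p, high, low, notify) for p in PROFILES]
```

Both comparisons are strict, so a count equal to either threshold is neither granted nor denied in this sketch.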
Specification