Efficient single sign-on and identity provider configuration and deployment in a database system
Abstract
Various techniques and procedures related to user authentication, identity providers, and single sign-on (SSO) are presented here. One approach creates an SSO link between two organizations in a streamlined manner using an internal cross-user systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates. Another approach presented here configures an identity provider service for an entity or organization by processing a single user command. The identity provider service is automatically configured in the background without processing any additional user commands, user instructions, or user-entered data.
Claims (17 claims, 141 citations)

1. A computer-implemented method of establishing single sign-on capabilities in a multi-tenant database system, the multi-tenant database system supporting a plurality of users and a plurality of tenants, the method comprising:
- maintaining a common systemwide digital certificate at the multi-tenant database system, wherein the common systemwide digital certificate is configured for use with all of the plurality of users and for all of the plurality of tenants supported by the multi-tenant database system to create single sign-on links between different tenants of the plurality of tenants;
- receiving, by the multi-tenant database system, a first instruction to create, for a first user of the multi-tenant database system, a first single sign-on link between a first organization of the multi-tenant database system and a second organization of the multi-tenant database system, the first instruction identifying credential information for authenticating the first user to the second organization;
- in response to receiving the first instruction, using the common systemwide digital certificate to cause the multi-tenant database system to create the first single sign-on link for the first user;
- receiving, by the multi-tenant database system, a second instruction to create, for a second user of the multi-tenant database system, a second single sign-on link between a third organization of the multi-tenant database system and a fourth organization of the multi-tenant database system, the second instruction identifying credential information for authenticating the second user to the fourth organization; and
- in response to receiving the second instruction, using the common systemwide digital certificate to cause the multi-tenant database system to create the second single sign-on link for the second user;
- wherein the first and second single sign-on links are created without processing a user-assigned digital certificate.

Dependent claims: 2, 3, 4, 5, 6.

7. A single sign-on method for a computer-implemented multi-tenant database system that supports a plurality of users and a plurality of organizations, the method comprising:
- authenticating, by a processor of the database system, a first user to a first organization supported by the database system;
- thereafter, receiving, at the database system, credential information for authenticating the first user to a second organization supported by the database system;
- obtaining at the database system a first user instruction to link, for the first user, the first organization to the second organization;
- in response to receiving the first user instruction, and without requiring a user-assigned digital certificate, creating, by the processor of the database system, a first single sign-on link for the user between the first organization and the second organization, wherein the first single sign-on link is created using a common systemwide digital certificate that applies to all of the plurality of users and to all of the plurality of organizations supported by the database system to create single sign-on links between different organizations of the database system;
- authenticating, by the processor of the database system, a second user to a third organization supported by the database system;
- thereafter, receiving, at the database system, credential information for authenticating the second user to a fourth organization supported by the database system;
- obtaining at the database system a second user instruction to link, for the second user, the third organization to the fourth organization;
- in response to receiving the second user instruction, and without requiring a user-assigned digital certificate, creating, by the processor of the database system, a second single sign-on link for the second user between the third organization and the fourth organization, wherein the second single sign-on link is created using the common systemwide digital certificate.

Dependent claims: 8, 9, 10, 11, 12, 13.

14. A computer-implemented multi-tenant database system comprising a processor and a memory, wherein the database system supports a plurality of users and a plurality of organizations, and wherein the memory comprises computer-executable instructions that, when executed by the processor, cause the computer system to:
- authenticate a user for access to a first organization supported by the database system;
- receive a first instruction to create a first single sign-on link for the user between the first organization and a second organization supported by the database system, wherein the first instruction is issued while the user is an authenticated user of the first organization, and wherein the first instruction includes or identifies credential information for authenticating the user to the second organization;
- in response to receiving the first instruction, create the first single sign-on link using an internal systemwide digital certificate that is configured for common use with all of the plurality of users supported by the database system and with all of the plurality of organizations supported by the database system, and without processing any user-created, user-uploaded, or user-assigned digital certificates;
- receive a second instruction to create a second single sign-on link for the user between the first organization and a third organization supported by the database system, wherein the second instruction is issued while the user remains an authenticated user of the first organization, and wherein the second instruction includes or identifies credential information for authenticating the user to the third organization; and
- in response to receiving the second instruction, create the second single sign-on link using the internal systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates.

Dependent claims: 15, 16, 17.
Specification