Single tenant audit view in a multi-tenant environment

US 8,769,701 B2
Filed: 09/05/2012
Issued: 07/01/2014
Est. Priority Date: 09/05/2012
Status: Active Grant

First Claim

Patent Images

1. A method of correlating multi-component, per-tenant audit information in a multi-tenant computing infrastructure, comprising:

authenticating a user to the multi-tenant computing infrastructure;

associating a tenant identifier for use in the multi-tenant computing infrastructure with identity information generated as a result of the user authentication;

as audit events from one or more components are generated, associating at least some of the audit events with the tenant identifier;

storing the audit events; and

in response to a request, returning the audit events that have been associated with the tenant identifier.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method correlates audit information in a multi-tenant computing infrastructure. The method leverages a user'"'"'s authentication to the infrastructure, such as via federated single sign-on (F-SSO) from an identity provider. Preferably, the user'"'"'s tenant identifier in the environment is derived based on identity information obtained during the F-SSO exchange. This tenant identifier is propagated to one or more other components in the infrastructure that are accessed by the user. As audit event from multiple components in the computing infrastructure are generated, these audit events are annotated with the tenant identifier and stored in an audit repository. In response to a request to view the tenant'"'"'s audit data, a collection of tenant-specific audit events are then retrieved from the audit repository and displayed in a single tenant view. This approach ensures that audit event information is not leaked inadvertently between tenants.

Citations

18 Claims

1. A method of correlating multi-component, per-tenant audit information in a multi-tenant computing infrastructure, comprising:
- authenticating a user to the multi-tenant computing infrastructure;
  
  associating a tenant identifier for use in the multi-tenant computing infrastructure with identity information generated as a result of the user authentication;
  
  as audit events from one or more components are generated, associating at least some of the audit events with the tenant identifier;
  
  storing the audit events; and
  
  in response to a request, returning the audit events that have been associated with the tenant identifier.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as described in claim 1 wherein the identity information is generated as a result of a federated single-sign on (F-SSO) exchange between an identity provider and an identity manager in the multi-tenant computing infrastructure.
  - 3. The method as described in claim 1 further including providing a display of the audit events that have been associated with the tenant identifier while restricting the display from including audit events associated with at least one other tenant identifier.
  - 4. The method as described in claim 1 wherein the user is one of:
    - a tenant administrator, a user associated with the tenant, and an administrator associated with the computing infrastructure who is acting on the tenant'"'"'s behalf.
  - 5. The method as described in claim 1 wherein the tenant identifier is derived from an F-SSO authentication credential.
  - 6. The method as described in claim 1 further including propagating the tenant identifier to one or more components in the computing infrastructure that are accessed by the user.

7. Apparatus for correlating multi-component, per-tenant audit information in a multi-tenant computing infrastructure, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor perform a method comprising;
  
  authenticating a user to the multi-tenant computing infrastructure;
  
  associating a tenant identifier for use in the multi-tenant computing infrastructure with identity information generated as a result of the user authentication;
  
  as audit events from one or more components are generated, associating at least some of the audit events with the tenant identifier;
  
  storing the audit events; and
  
  in response to a request, returning the audit events that have been associated with the tenant identifier.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus as described in claim 7 wherein the identity information is generated as a result of a federated single-sign on (F-SSO) exchange between an identity provider and an identity manager in the multi-tenant computing infrastructure.
  - 9. The apparatus as described in claim 7 wherein the method further includes providing a display of the audit events that have been associated with the tenant identifier while restricting the display from including audit events associated with at least one other tenant identifier.
  - 10. The apparatus as described in claim 7 wherein the user is one of:
    - a tenant administrator, a user associated with the tenant, and an administrator associated with the computing infrastructure who is acting on the tenant'"'"'s behalf.
  - 11. The apparatus as described in claim 7 wherein the tenant identifier is derived from an F-SSO authentication credential.
  - 12. The apparatus as described in claim 7 wherein the method further includes propagating the tenant identifier to one or more components in the computing infrastructure that are accessed by the user.

13. A computer program product in a non-transitory computer readable medium for use in a data processing system for correlating multi-component, per-tenant audit information in a multi-tenant computing infrastructure, the computer program product holding computer program instructions which, when executed by the data processing system, performs a method comprising:
- authenticating a user to the multi-tenant computing infrastructure;
  
  associating a tenant identifier for use in the multi-tenant computing infrastructure with identity information generated as a result of the user authentication;
  
  as audit events from one or more components are generated, associating at least some of the audit events with the tenant identifier;
  
  storing the audit events; and
  
  in response to a request, returning the audit events that have been associated with the tenant identifier.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product as described in claim 13 wherein the identity information is generated as a result of a federated single-sign on (F-SSO) exchange between an identity provider and an identity manager in the multi-tenant computing infrastructure.
  - 15. The computer program product as described in claim 13 wherein the method further includes providing a display of the audit events that have been associated with the tenant identifier while restricting the display from including audit events associated with at least one other tenant identifier.
  - 16. The computer program product as described in claim 13 wherein the user is one of:
    - a tenant administrator, a user associated with the tenant, and an administrator associated with the computing infrastructure who is acting on the tenant'"'"'s behalf.
  - 17. The computer program product as described in claim 13 wherein the tenant identifier is derived from an F-SSO authentication credential.
  - 18. The computer program product as described in claim 13 wherein the method further includes propagating the tenant identifier to one or more components in the computing infrastructure that are accessed by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SailPoint Technologies Holdings, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria, Readshaw, Neil Ian, Uramoto, Naohiko, Ohnishi, Katsumi
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/604,474
Publication Number

US 20140068732A1
Time in Patent Office

664 Days
Field of Search

726/6
US Class Current

726/26
CPC Class Codes

G06F 21/41 where a single sign-on prov...

Single tenant audit view in a multi-tenant environment

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Single tenant audit view in a multi-tenant environment

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links