Unified management of third-party accounts

US 9,225,704 B1
Filed: 06/13/2013
Issued: 12/29/2015
Est. Priority Date: 06/13/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, comprising:

code that manages a plurality of third-party network site accounts for a plurality of users in an organization;

code that determines that one of the plurality of users has requested access to a third-party network site;

code that determines whether one of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site;

code that configures a client associated with the one of the plurality of users to access the third-party network site using the one of the plurality of third-party network site accounts in response to determining that the one of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site;

code that determines whether the one of the plurality of users has an existing user-maintained account with the third-party network site;

code initiates creation of a new third-party account with the third-party network site in response to determining that none of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site and in response to determining that the one of the plurality of users does not have the existing user-maintained account with the third-party network site; and

code that generates a user interface configured to receive a security credential for the existing user-maintained account from the one of the plurality of users in response to determining that determining that none of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site and in response to determining that the one of the plurality of users has the existing user-maintained account with the third-party network site.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for management of third-party accounts for users in an organization. It is determined whether a user in an organization is to be provided with managed access to a third-party network site. An account may be managed for the user with the third-party network site in response when the user is to be provided with managed access to the third-party network site. A security credential is stored for the managed account. A client computing device associated with the user is configured to authenticate with the third-party network site using the security credential. The user may be restricted from accessing the security credential.

Citations

20 Claims

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, comprising:
- code that manages a plurality of third-party network site accounts for a plurality of users in an organization;
  
  code that determines that one of the plurality of users has requested access to a third-party network site;
  
  code that determines whether one of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site;
  
  code that configures a client associated with the one of the plurality of users to access the third-party network site using the one of the plurality of third-party network site accounts in response to determining that the one of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site;
  
  code that determines whether the one of the plurality of users has an existing user-maintained account with the third-party network site;
  
  code initiates creation of a new third-party account with the third-party network site in response to determining that none of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site and in response to determining that the one of the plurality of users does not have the existing user-maintained account with the third-party network site; and
  
  code that generates a user interface configured to receive a security credential for the existing user-maintained account from the one of the plurality of users in response to determining that determining that none of the plurality of third-party network site accounts is available for use by the one of the plurality of users for accessing the third-party network site and in response to determining that the one of the plurality of users has the existing user-maintained account with the third-party network site.
- View Dependent Claims (2, 3, 4, 20)
- - 2. The non-transitory computer-readable medium of claim 1, wherein security credentials associated with the plurality of third-party network site accounts are inaccessible by the plurality of users.
  - 3. The non-transitory computer-readable medium of claim 1, further comprising code that periodically rotates at least one security credential for the plurality of third-party network site accounts.
  - 4. The non-transitory computer-readable medium of claim 1, further comprising:
    - code that determines that the one of the plurality of users has left the organization; and
      
      code that disables at least one of the plurality of third-party network site accounts associated with the one of the plurality of users in response to determining that the one of the plurality of users has left the organization.
  - 20. The non-transitory computer-readable medium of claim 1, further comprising code that changes the security credential for the existing user-maintained account to a different security credential.

5. A system, comprising:
- at least one computing device; and
  
  at least one application executable in the at least one computing device, the at least one application comprising;
  
  logic that determines whether a user in an organization is to be provided with managed access to a third-party network site;
  
  logic that manages a first account for the user with the third-party network site in response to determining that the user is to be provided with managed access to the third-party network site;
  
  logic that stores a security credential for the managed first account;
  
  logic that configures a client computing device associated with the user to authenticate with the third-party network site using the security credential, wherein access by the user to the security credential is restricted; and
  
  logic that disables access by the user to the third-party network site via a second account that is not managed by the logic that manages the first account, wherein, in response to the access via the second account being disabled, the user is required to use the first account instead of the second account to access the third-party network site.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The system of claim 5, wherein the at least one application further comprises logic that verifies that the security credential for the managed first account has not been changed by the user.
  - 7. The system of claim 5, wherein the at least one application further comprises:
    - logic that receives auditing data for the managed first account from the third-party network site; and
      
      logic that determines whether use of the managed first account recorded in the auditing data complies with a rule for acceptable use of the managed first account.
  - 8. The system of claim 5, wherein the at least one application further comprises:
    - logic that generates a replacement security credential for the managed first account;
      
      logic that establishes the replacement security credential for the managed first account with the third-party network site; and
      
      logic that updates the stored security credential with the replacement security credential.
  - 9. The system of claim 5, wherein the at least one application further comprises:
    - logic that determines that the user is no longer to be provided with access to the managed first account; and
      
      logic that disables access to the managed first account by the user in response to determining that the user is no longer to be provided with access to the managed first account.
  - 10. The system of claim 9, wherein the at least one application further comprises logic that enables access to the managed first account for another user in the organization after disabling access to the managed first account by the user.
  - 11. The system of claim 5, wherein the at least one application further comprises:
    - logic that determines whether the organization will pay the third-party network site for access by the user; and
      
      wherein the logic that manages the first account for the user is configured to create the managed first account for the user in response to determining that the organization will pay the third-party network site for access by the user.
  - 12. The system of claim 5, wherein the at least one application further comprises logic that configures the managed first account to employ a managed channel of communication for security credential reset requests through the third-party network site, the managed channel of communication being inaccessible by the user.
  - 13. The system of claim 5, wherein the logic that manages the account for the user is configured to create the managed first account for the user in response to the user accessing the third-party network site via the client.
  - 14. The system of claim 5, wherein the logic that stores the security credential is configured to associate the security credential with a user identity of the user for the organization.

15. A method, comprising:
- authenticating, via at least one of one or more first computing devices, an identity of a user in an organization;
  
  receiving, via at least one of the one or more first computing devices, security credentials for one of a plurality of third-party accounts from a second computing device in response to authenticating the identity of the user, wherein the security credentials for the plurality of third-party accounts are managed by the organization on behalf of the user;
  
  determining, via at least one of the one or more first computing devices, that the user has requested access to a third-party network site associated with the one of the plurality of third-party accounts;
  
  authenticating, via at least one of the one or more first computing devices, with the third-party network site using the security credential for the one of the plurality of third-party accounts;
  
  causing, via at least one of the one or more first computing devices, a user interface to be rendered based at least in part on data received from the third-party network site after authentication with the third-party network site; and
  
  disabling, via at least one of the one or more computing devices, access by the user to the third-party network site via an account that is not managed by the organization, wherein, in response to the access via the account that is not managed by the organization being disabled, the user is required to use the one of the plurality of third-party accounts instead of the account that is not managed by the organization to access the third-party network site.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein the security credentials are inaccessible to the user via the first computing device.
  - 17. The method of claim 15, further comprising:
    - determining, via at least one of the one or more first computing devices, that the user has requested access to another third-party network site;
      
      determining, via at least one of the one or more first computing devices, that the other third-party network site is unassociated with the plurality of third-party accounts; and
      
      initiating creation, via at least one of the one or more first computing devices, of an account with the other third-party network site for the user in response to determining that the other third-party network site is unassociated with the plurality of third-party accounts.
  - 18. The method of claim 17, further comprising:
    - rendering, via at least one of the one or more first computing devices, a user interface that displays a message that prompts the user to confirm that usage of the other third-party network site is related to the organization;
      
      receiving, via at least one of the one or more first computing devices, a user confirmation via the user interface that usage of the other third-party network site is related to the organization; and
      
      initiating, via at least one of the one or more first computing devices, a creation of the account with the other third-party network site in response to receiving the user confirmation that the usage of the other third-party network site is related to the organization.
  - 19. The method of claim 15, further comprising:
    - determining, via at least one of the one or more first computing devices, that the user has requested access to another third-party network site;
      
      receiving, via at least one of the one or more first computing devices, a security credential for a user-managed third-party account with the other third-party network site from the user;
      
      sending, via at least one of the one or more first computing devices, the security credential for the user-managed third-party account to the second computing device; and
      
      importing, via at least one of the one or more first computing devices, the user-managed third-party account to become managed by the organization on behalf of the user, wherein the organization subsequently controls access to the security credential of the user-managed third-party account that has become managed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Johansson, Jesper Mikael, Canavor, Darren Ernest, McClintock, Jon Arron
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Corum, Jr., William

Application Number

US13/917,138
Time in Patent Office

929 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/20 for managing network securi...

Unified management of third-party accounts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Unified management of third-party accounts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links