Discovering and disambiguating identity providers
Abstract
Systems, methods, and computer-readable storage media are provided for discovering and disambiguating identity providers such that user knowledge of appropriate identity providers is minimized. Users are presented with options for selecting appropriate providers only when multiple providers have user profiles matching a user identifier. When users are presented with options for selecting appropriate providers, providers that have user profiles matching the identifier are identified utilizing identity information for the application that utilizes the identity provider for its users rather than information identifying the identity provider itself. Where it is determined that no identity provider has a user profile associated with the user identifier (or where it is determined that a particular identity provider would generally be appropriate to be utilized with the user identifier), the opportunity for users to create an authentication account with one or more identity providers or to retry with a different user identifier is provided.
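The branching described in the abstract and in independent claim 1, as an added Python example (not code from the patent or from any product). The `Provider` fields, the callable standing in for the discovery API call, the rule for when disambiguation "is unable to be performed", and the handling of failed lookups are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Provider:
    """Hypothetical record; field names are assumptions, not from the patent."""
    idp_name: str
    app_name: Optional[str]             # application label shown to the user
    login_url: str
    has_profile: Callable[[str], bool]  # stands in for the discovery API call

def discover(user_id, providers):
    """Return (action, payload) for one of the four branches in claim 1."""
    uid = user_id.strip().lower()
    matches, failed = [], False
    for p in providers:
        try:
            if p.has_profile(uid):
                matches.append(p)
        except Exception:
            failed = True  # assumption: a failed lookup is "unknown", not "no profile"
    if not matches:
        # Claim 1 allows account creation and/or a second identifier; after a
        # failed lookup only the retry prompt is offered (assumption).
        return ("no_match", {"offer_account_creation": not failed, "offer_retry": True})
    if len(matches) == 1:
        return ("redirect", matches[0].login_url)
    labels = [p.app_name for p in matches]
    if None in labels or len(set(labels)) != len(labels):
        # Assumption: disambiguation "unable to be performed" means the
        # application labels are missing or not distinct.
        return ("second_disambiguation_ui", [p.idp_name for p in matches])
    # Options are labelled by application, not by identity provider (abstract).
    return ("first_disambiguation_ui", labels)

def _directory(*ids):
    known = set(ids)
    return lambda uid: uid in known

def _unreachable(uid):
    raise TimeoutError("constructed failure")

# Constructed sample providers; names and URLs are placeholders.
SAMPLE = [
    Provider("idp-a", "Mail", "https://idp-a.example/login", _directory("alice@example.com", "bob@example.com")),
    Provider("idp-b", "Payroll", "https://idp-b.example/login", _directory("bob@example.com", "carol@example.com")),
    Provider("idp-c", None, "https://idp-c.example/login", _directory("carol@example.com")),
]
```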
33 Claims
1. One or more computer-readable storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to:
- receive a first user identifier;
- place one or more Application Programming Interface (API) calls to perform discovery on the first user identifier against a plurality of identity providers to determine whether any of the plurality of identity providers has an identity profile that matches the first user identifier;
- based at least on a determination that a single identity provider of the plurality has a user profile that matches the first user identifier, provide redirect instructions for authenticating against the single identity provider;
- based at least on a determination that multiple identity providers of the plurality have a user profile that matches the first user identifier, provide instructions for rendering a first disambiguation user interface;
- based at least on a determination that disambiguation is unable to be performed, provide instructions for rendering a second disambiguation user interface; and
- based at least on a determination that no identity provider of the plurality has a user profile that matches the first user identifier, provide instructions for rendering at least one of an account creation interface and an interface permitting input of a second user identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method being performed by one or more computing devices including at least one processor, comprising:
- receiving a first user identifier;
- placing one or more Application Programming Interface (API) calls to perform discovery on the first user identifier against a plurality of identity providers to determine whether any of the plurality of identity providers has authentication information associated with the first user identifier;
- based at least on a determination that a single identity provider of the plurality of identity providers has authentication information associated with the first user identifier, redirecting the user for authentication against the single identity provider;
- based at least on a determination that multiple identity providers of the plurality of identity providers have authentication information associated with the first user identifier, rendering a first disambiguation user interface;
- based at least on a determination that disambiguation is unable to be performed, rendering a second disambiguation user interface; and
- based at least on a determination that no identity provider of the plurality of identity providers have authentication information associated with the first user identifier, rendering at least one of an account creation interface and an interface permitting input of a second user identifier.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A system comprising:
- a server having one or more processors and one or more computer-readable storage media; and
- at least one data store coupled with the server, the server configured to:
  - receive a request for access to an application or service for which authentication is required;
  - provide a first user interface that allows for selection from a first plurality of identity providers or identity provider types for authenticating to the application or service, wherein the first user interface further allows for selection of an option for seeking assistance in selecting one of the first plurality of identity providers or identity provider types;
  - receive a selection of the option for seeking assistance in selecting one of the first plurality of identity providers or identity provider types;
  - provide a second user interface prompting for input of a single user identifier; and
  - place one or more Application Programming Interface (API) calls to perform discovery on the user identifier against a second plurality of identity providers to determine if any identity providers of the second plurality have an identity profile that matches the user identifier.
Dependent claims: 22, 23
24. A system comprising:
- a server having one or more processors and one or more computer-readable storage media; and
- at least one data store coupled with the server, wherein the server:
  - receives a first user identifier;
  - places one or more Application Programming Interface (API) calls to perform discovery on the first user identifier against a plurality of identity providers to determine whether any of the plurality of identity providers has an identity profile that matches the first user identifier;
  - based at least on a determination that a single identity provider of the plurality has a user profile that matches the first user identifier, provides redirect instructions for authenticating against the single identity provider;
  - based at least on a determination that multiple identity providers of the plurality have a user profile that matches the first user identifier, provides instructions for rendering a first disambiguation user interface;
  - based at least on a determination that disambiguation is unable to be performed, provides instructions for rendering a second disambiguation user interface; and
  - based at least on a determination that no identity provider of the plurality has a user profile that matches the first user identifier, provides instructions for rendering at least one of an account creation interface and an interface permitting input of a second user identifier.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33
Specification