Context based conditional access for cloud services
First Claim
1. A method comprising:
- receiving a first authentication factor for a user in a single sign-on system, the single sign-on system to provide access to a plurality of cloud services;
- receiving, from a user device over a network, a request to access a cloud service of the plurality of cloud services, the user having a plurality of user accounts for the cloud service, wherein each user account has independent access credentials associated with the account;
- determining a context of the request to include a type of information to be sent to or received from the cloud service as a result of the request;
- comparing, by a processing device, the context of the request to an access policy for the single sign-on system;
- automatically determining a first user account of the plurality of user accounts for the cloud service based on the context of the request and the access policy; and
- granting the user conditional access to the cloud service using the associated access credential for the first user account, wherein granting conditional access comprises requesting a second authentication factor for the user before granting full access to the cloud service.
Abstract
A cloud service access and information gateway receives a first authentication factor for a user in a single sign-on system. The single sign-on system provides access to a plurality of cloud services. The gateway receives, from a user device, a request to access a cloud service of the plurality of cloud services. The gateway compares a context of the request to an access policy for the single sign-on system and grants conditional access to the cloud service based on the access policy.
21 Claims
1. A method comprising:
- receiving a first authentication factor for a user in a single sign-on system, the single sign-on system to provide access to a plurality of cloud services;
- receiving, from a user device over a network, a request to access a cloud service of the plurality of cloud services, the user having a plurality of user accounts for the cloud service, wherein each user account has independent access credentials associated with the account;
- determining a context of the request to include a type of information to be sent to or received from the cloud service as a result of the request;
- comparing, by a processing device, the context of the request to an access policy for the single sign-on system;
- automatically determining a first user account of the plurality of user accounts for the cloud service based on the context of the request and the access policy; and
- granting the user conditional access to the cloud service using the associated access credential for the first user account, wherein granting conditional access comprises requesting a second authentication factor for the user before granting full access to the cloud service.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A system, comprising:
- a memory; and
- a processing device coupled with the memory to:
  - receive a first authentication factor for a user in a single sign-on system, the single sign-on system to provide access to a plurality of cloud services;
  - receive, from a user device over a network, a request to access a cloud service of the plurality of cloud services, the user having a plurality of user accounts for the cloud service, wherein each user account has independent access credentials associated with the account;
  - determine a context of the request to include a type of information to be sent to or received from the cloud service as a result of the request;
  - compare the context of the request to an access policy for the single sign-on system;
  - automatically determine a first user account of the plurality of user accounts for the cloud service based on the context of the request and the access policy; and
  - grant the user conditional access to the cloud service using the associated access credential for the first user account, wherein granting conditional access comprises requesting a second authentication factor for the user before granting full access to the cloud service.

Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory computer readable storage medium including instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving a first authentication factor for a user in a single sign-on system, the single sign-on system to provide access to a plurality of cloud services;
- receiving, from a user device over a network, a request to access a cloud service of the plurality of cloud services, the user having a plurality of user accounts for the cloud service, wherein each user account has independent access credentials associated with the account;
- determining a context of the request to include a type of information to be sent to or received from the cloud service as a result of the request;
- comparing, by a processing device, the context of the request to an access policy for the single sign-on system;
- automatically determining a first user account of the plurality of user accounts for the cloud service based on the context of the request and the access policy; and
- granting the user conditional access to the cloud service using the associated access credential for the first user account, wherein granting conditional access comprises requesting a second authentication factor for the user before granting full access to the cloud service.

Dependent claims: 16, 17, 18, 19, 20, 21.
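The independent claims above describe one decision procedure: a first factor is verified, a request arrives with a context (the type of information that will flow to or from the cloud service), the context is compared against the single sign-on access policy, one of the user's several accounts for that service is selected, and access is granted conditionally, with a second factor demanded before full access. The following Python is an added illustration of that procedure as a small policy engine; it is not code from the patent or from any product, and every name in it (`Gateway`, `PolicyRule`, the `info_type` strings, the account roles and credential handles) is a constructed assumption. Policy selection here is first-match over a rule list, which is one reasonable reading of "comparing the context to an access policy", not the only one.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    DENY = "deny"
    STEP_UP_REQUIRED = "step_up_required"  # conditional access: second factor needed first
    GRANT = "grant"


@dataclass(frozen=True)
class Account:
    account_id: str
    role: str          # which of the user's accounts this is, e.g. "corporate" or "personal"
    credential: str    # hypothetical handle to the account's own credential (never the secret)


@dataclass(frozen=True)
class Request:
    user: str
    service: str
    info_type: str         # the "type of information" that gives the request its context
    factors_verified: int  # authentication factors already completed in the SSO session


@dataclass(frozen=True)
class PolicyRule:
    service: str
    info_type: str
    required_role: str          # which account the SSO system must use for this context
    second_factor_required: bool


@dataclass
class Gateway:
    accounts: dict  # (user, service) -> list[Account]; constructed inventory
    rules: list     # list[PolicyRule]; the access policy for the SSO system

    def _rule_for(self, request):
        """Compare the request context to the policy; first matching rule wins."""
        for rule in self.rules:
            if rule.service == request.service and rule.info_type == request.info_type:
                return rule
        return None

    def evaluate(self, request):
        """Return (Decision, selected Account or None, reason)."""
        # Step 1: a first factor must already be verified in the SSO session.
        if request.factors_verified < 1:
            return Decision.DENY, None, "first factor not verified"
        # Steps 2-3: compare the request context to the access policy.
        rule = self._rule_for(request)
        if rule is None:
            return Decision.DENY, None, "no policy rule for this context"
        # Step 4: automatically pick the account whose role the policy requires.
        candidates = [
            a for a in self.accounts.get((request.user, request.service), [])
            if a.role == rule.required_role
        ]
        if not candidates:
            return Decision.DENY, None, f"user has no {rule.required_role} account"
        account = candidates[0]
        # Step 5: conditional access; demand a second factor before full access.
        if rule.second_factor_required and request.factors_verified < 2:
            return Decision.STEP_UP_REQUIRED, account, "second factor required"
        return Decision.GRANT, account, "access granted with account credential"


def build_demo_gateway():
    """Constructed sample data: one user with two accounts for one service."""
    accounts = {
        ("alice", "crm"): [
            Account("alice-personal", "personal", "cred-handle-1"),
            Account("alice-corp", "corporate", "cred-handle-2"),
        ]
    }
    rules = [
        # Customer PII must go through the corporate account and needs a second factor.
        PolicyRule("crm", "customer_pii", "corporate", True),
        # Public documents may use the personal account with a single factor.
        PolicyRule("crm", "public_docs", "personal", False),
    ]
    return Gateway(accounts, rules)


if __name__ == "__main__":
    gw = build_demo_gateway()
    for req in [
        Request("alice", "crm", "customer_pii", 1),
        Request("alice", "crm", "customer_pii", 2),
        Request("alice", "crm", "public_docs", 1),
        Request("alice", "crm", "billing_export", 1),
        Request("alice", "crm", "public_docs", 0),
    ]:
        decision, account, reason = gw.evaluate(req)
        print(req.info_type, req.factors_verified, decision.value,
              account.account_id if account else "-", reason)
```

The useful property to check in a real gateway is that the account selection is driven by the policy and the context, never by the user's own choice: a request for sensitive data cannot be routed to the personal account by the caller asking for it, and an unknown context falls through to deny rather than to a default account.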