Multi-tenant identity and data security management cloud service
First Claim
1. A system for providing cloud-based identity and access management, comprising:
- a first data partition of a data source storing data for a first tenancy and a second data partition of the data source storing data for a second tenancy, wherein the first data partition is isolated from the second data partition;
- one or more processors coupled to a storage device comprising instructions that, when executed by the one or more processors, are configured to:
  - receive a request from a client for an identity management service;
  - authenticate the request;
  - access a microservice based on the request;
  - determine, at the microservice based on the request, that a user related to the request comprises the first tenancy and a resource related to the request comprises the second tenancy, wherein the first tenancy and the second tenancy are determined from among a plurality of tenancies;
  - retrieve, by the microservice, data from at least one of the first data partition based on the first tenancy or the second data partition based on the second tenancy, wherein a runtime binding with the first data partition is established when data is retrieved in a context of the first tenancy and a runtime binding with the second data partition is established when data is retrieved in a context of the second tenancy; and
  - perform the identity management service using the retrieved data at the microservice.
Abstract
A system provides cloud-based identity and access management. The system receives a request from a client for an identity management service, authenticates the request, and accesses a microservice based on the request. The system determines, based on the request, a tenancy of the client, a tenancy of a user, and a tenancy of a resource. The system retrieves data from the determined tenancies as required to process the request, where the data is retrieved by the microservice using a connection pool that provides connections to the database. The system then performs the identity management service by the appropriate microservice responsible for processing the received request.
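The tenancy-scoped retrieval described in the abstract, as an added example that is not part of the patent or of any product's code: each tenancy gets an isolated partition (here a separate in-memory SQLite database, an assumption), and a connection is bound to a partition only at retrieval time, using the tenancy named in the already-authenticated request. The names `PartitionPool` and `authorize`, the schema, and the `allowed_tenants` attribute are hypothetical.

```python
import sqlite3
from contextlib import contextmanager

# Constructed sample data: one isolated partition per tenancy (assumed schema).
TENANT_ROWS = {
    "tenant-a": [("users", "alice", "role=admin")],
    "tenant-b": [("apps", "payroll", "allowed_tenants=tenant-a")],
}

class PartitionPool:
    """Hypothetical pool: binds a connection to a tenancy's partition at retrieval time."""

    def __init__(self, rows_by_tenant):
        self._partitions = {}
        for tenant, rows in rows_by_tenant.items():
            db = sqlite3.connect(":memory:")  # each ":memory:" database is separate
            db.execute("CREATE TABLE objects (kind TEXT, name TEXT, attrs TEXT)")
            db.executemany("INSERT INTO objects VALUES (?, ?, ?)", rows)
            self._partitions[tenant] = db
        self.bindings = []  # audit trail of runtime bindings, in order

    @contextmanager
    def bind(self, tenant):
        # Fail closed: a tenancy without a known partition is never mapped to a default.
        if tenant not in self._partitions:
            raise PermissionError(f"unknown tenancy: {tenant}")
        self.bindings.append(tenant)
        yield self._partitions[tenant]

    def fetch(self, tenant, kind, name):
        with self.bind(tenant) as db:
            return db.execute(
                "SELECT attrs FROM objects WHERE kind = ? AND name = ?", (kind, name)
            ).fetchone()

def authorize(pool, request):
    """Microservice handler: user and resource may live in different tenancies."""
    # Tenancies come from the authenticated request, never from the queried rows.
    user = pool.fetch(request["user_tenant"], "users", request["user"])
    resource = pool.fetch(request["resource_tenant"], "apps", request["resource"])
    if user is None or resource is None:
        return False
    # Assumed policy: the resource lists the tenancies whose users may access it.
    allowed = resource[0].split("=", 1)[1].split(",")
    return request["user_tenant"] in allowed
```

The `bindings` list doubles as an audit record: a request should only ever produce bindings for the tenancies it was authenticated for.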
20 Claims
10. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a request from a client for an identity management service;
- authenticating the request;
- accessing a microservice based on the request;
- determining, based on the request, a first tenancy of a user related to the request and a second tenancy of a resource related to the request, wherein the first tenancy and second tenancy are determined from among a plurality of tenancies;
- retrieving data from at least one of a first data partition of a data source for the first tenancy or a second data partition of the data source for the second tenancy, wherein the first data partition is isolated from the second data partition, and a runtime binding with the first data partition is established when data is retrieved in a context of the first tenancy and a runtime binding with the second data partition is established when data is retrieved in a context of the second tenancy; and
- performing the identity management service by the microservice using the retrieved data.
16. A method of providing cloud-based identity and access management, comprising:
- receiving a request from a client for an identity management service;
- authenticating the request;
- accessing a microservice based on the request;
- determining, based on the request, a first tenancy of a user related to the request and a second tenancy of a resource related to the request, wherein the first tenancy and second tenancy are determined from among a plurality of tenancies;
- retrieving data from at least one of a first data partition of a data source for the first tenancy or a second data partition of the data source for the second tenancy, wherein the first data partition is isolated from the second data partition, and a runtime binding with the first data partition is established when data is retrieved in a context of the first tenancy and a runtime binding with the second data partition is established when data is retrieved in a context of the second tenancy; and
- performing the identity management service by the microservice using the retrieved data.
Specification