Session synchronization across multiple devices in an identity cloud service
Abstract
Embodiments provide session synchronization across multiple user devices in a cloud-based identity and access management (IAM) system by authenticating the user into an application on a first device; receiving a first request by a single-sign-on (SSO) service of the IAM system from the first device to enroll the first device in a circle of trust (CoT) device group associated with the user, where a second device of the user is already enrolled in CoT; sending a push notification to the second device to obtain user consent to enroll the first device in CoT, where the second device obtains user consent and sends a consent token to the first device; receiving a second request including the consent token from the first device; verifying the consent token; enrolling the first device in CoT; and performing SSO session synchronization across devices enrolled in CoT.
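The following sketch is an added example, not code from the patent or from any product, and it covers only the "verifying the consent token" and enrollment steps (session synchronization is not modelled). The token layout, the per-device HMAC keys held by the SSO service, the single-use nonce issued with the first request, and all names are assumptions, since the text above does not specify how the token is built or checked.

```python
import base64, hashlib, hmac, json, secrets, time

class SsoService:
    """Hypothetical SSO service; key storage and token format are assumptions."""
    def __init__(self):
        self.cot = {}      # user -> {device_id: device_key} (the CoT device group)
        self.pending = {}  # nonce -> (user, new_device_id, new_device_key)

    def request_enrollment(self, user, device_id, device_key):
        # First request: issue a single-use nonce that the push notification carries.
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (user, device_id, device_key)
        return nonce

    def enroll(self, requester_id, token, now=None):
        # Second request: verify the consent token before enrolling the device.
        now = time.time() if now is None else now
        try:
            body_b64, mac_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            mac = base64.urlsafe_b64decode(mac_b64)
            claims = json.loads(body)
            user, new_id, new_key = self.pending[claims["nonce"]]
            approver_key = self.cot[user][claims["approver"]]
        except (ValueError, KeyError, TypeError):
            return False  # malformed token, unknown nonce, or approver not enrolled
        expected = hmac.new(approver_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return False  # not produced by the enrolled approving device
        if claims.get("new_device") != new_id or requester_id != new_id:
            return False  # consent is bound to the device that asked to enroll
        if claims.get("exp", 0) < now:
            return False  # consent has expired
        del self.pending[claims["nonce"]]  # single use: a replayed token fails
        self.cot[user][new_id] = new_key
        return True

def make_consent_token(approver_id, approver_key, new_device, nonce, ttl=120, now=None):
    # Runs on the already-enrolled second device once the user has consented.
    now = time.time() if now is None else now
    body = json.dumps({"approver": approver_id, "new_device": new_device,
                       "nonce": nonce, "exp": now + ttl}).encode()
    mac = hmac.new(approver_key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body) + b"." + base64.urlsafe_b64encode(mac)).decode()

if __name__ == "__main__":
    svc = SsoService()
    svc.cot["alice"] = {"phone": b"p" * 32}  # constructed sample key
    nonce = svc.request_enrollment("alice", "laptop", b"l" * 32)
    print(svc.enroll("laptop", make_consent_token("phone", b"p" * 32, "laptop", nonce)))
```

Binding the token to the nonce and to the requesting device is what stops a captured consent token from enrolling a different device or being replayed later.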
20 Claims
1. A method for session synchronization across multiple devices of a user in a cloud-based identity and access management (IAM) system, the method comprising:
- authenticating the user into an application on a first device of the user;
- receiving a first request by a single-sign-on (SSO) service of the cloud-based IAM system from the first device to enroll the first device in a circle of trust (CoT) device group associated with the user, wherein a second device of the user is already enrolled in the CoT device group;
- sending a push notification to the second device to obtain user consent of the user to enroll the first device in the CoT device group, wherein the second device obtains the consent of the user and sends a consent token to the first device;
- receiving a second request from the first device by the SSO service, wherein the second request includes the consent token;
- verifying the consent token;
- enrolling the first device in the CoT device group; and
- performing SSO session synchronization across devices enrolled in the CoT device group including the first device and the second device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A non-transitory computer readable medium comprising instructions that, when executed by a processor, cause the processor to perform session synchronization across multiple devices of a user in a cloud-based identity and access management (IAM) system, the processor executing the instructions to:
- authenticate the user into an application on a first device of the user;
- receive a first request by a single-sign-on (SSO) service of the cloud-based IAM system from the first device to enroll the first device in a circle of trust (CoT) device group associated with the user, wherein a second device of the user is already enrolled in the CoT device group;
- send a push notification to the second device to obtain user consent of the user to enroll the first device in the CoT device group, wherein the second device obtains the consent of the user and sends a consent token to the first device;
- receive a second request from the first device by the SSO service, wherein the second request includes the consent token;
- verify the consent token;
- enroll the first device in the CoT device group; and
- perform SSO session synchronization across devices enrolled in the CoT device group including the first device and the second device.

Dependent claims: 17, 18, 19

20. A cloud-based identity and access management (IAM) system for performing session synchronization across multiple devices of a user, the system comprising a processor coupled to storage, the processor executing instructions to:
- authenticate the user into an application on a first device of the user;
- receive a first request by a single-sign-on (SSO) service of the cloud-based IAM system from the first device to enroll the first device in a circle of trust (CoT) device group associated with the user, wherein a second device of the user is already enrolled in the CoT device group;
- send a push notification to the second device to obtain user consent of the user to enroll the first device in the CoT device group, wherein the second device obtains the consent of the user and sends a consent token to the first device;
- receive a second request from the first device by the SSO service, wherein the second request includes the consent token;
- verify the consent token;
- enroll the first device in the CoT device group; and
- perform SSO session synchronization across devices enrolled in the CoT device group including the first device and the second device.
Specification