MULTI-TENANCY IDENTITY MANAGEMENT SYSTEM
1 Assignment
0 Petitions
Abstract
A multi-tenant identity management (IDM) system enables IDM functions to be performed relative to various different customers' domains within a shared cloud computing environment and without replicating a separate IDM system for each separate domain. The IDM system can provide IDM functionality to service instances located within various different customers' domains while enforcing isolation between those domains. A cloud-wide identity store can contain identity information for multiple customers' domains, and a cloud-wide policy store can contain security policy information for multiple customers' domains. The multi-tenant IDM system can provide a delegation model in which a domain administrator can be appointed for each domain, and in which each domain administrator can delegate certain roles to other user identities belonging to his domain. Service instance-specific administrators can be appointed by a domain administrator to administer specific service instances within a domain.
194 Citations
20 Claims
1. A computer-implemented method comprising:
creating a first identity domain through a shared identity management system;
associating a first plurality of services with the first identity domain;
sharing, among the first plurality of services, identities of a first set of users managed by the shared identity management system;
creating, through the shared identity management system, a second identity domain that is isolated from the first identity domain;
associating a second plurality of services with the second identity domain; and
sharing, among the second plurality of services, identities of a second set of users managed by the shared identity management system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A computer-readable storage memory storing particular instructions capable of causing one or more processors to perform specified operations, the particular instructions comprising:
instructions to create a plurality of identity domains within a cloud computing environment;
instructions to enforce isolation between identity domains within the plurality of identity domains;
instructions to add a service instance to a particular identity domain of the plurality of identity domains;
instructions to store data associating the service instance with a particular partition of an identity store that stores identities for each identity domain of the plurality of identity domains; and
instructions to store data associating the service instance with a particular partition of a policy store that stores policies for a plurality of service instances that are associated with different identity domains of the plurality of identity domains.
Dependent claims: 13, 14, 15, 16, 17.

18. A system comprising:
one or more processors; and
a computer-readable storage memory that stores particular instructions comprising:
instructions to cause a single identity management (IDM) system to be established in a cloud computing environment;
instructions to cause the single IDM system to provide IDM functions to a first service instance that is associated with a first identity domain that is defined within the cloud computing environment and that is isolated from a second identity domain that is defined within the cloud computing environment; and
instructions to cause the single IDM system to provide IDM functions to a second service instance that is associated with the second identity domain.
Dependent claims: 19, 20.
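The abstract and independent claims 1, 12 and 18 describe one IDM system serving many isolated identity domains, with each service instance bound to its own domain's partition of a cloud-wide identity store and policy store, and a delegation model in which a domain administrator grants roles only to identities in that administrator's domain. The following toy model is an added example written for this page; it is not code from the patent or its assignee. All class, method and exception names (SharedIDM, IdentityDomain, ServiceInstance, IsolationViolation) and the sample tenants, users, services and permissions are constructed for illustration. It shows the two properties a reviewer of such a design would check: identities are shared among services of the same domain, and both identity lookups and role delegation are refused when they would cross a domain boundary.

```python
"""Toy model of a shared, multi-tenant IDM with isolated identity domains.

Constructed example: every name below is an assumption for illustration,
not an identifier from the patent or from any real product.
"""
from __future__ import annotations

from dataclasses import dataclass, field


class IsolationViolation(Exception):
    """Raised when an operation would cross an identity-domain boundary."""


@dataclass
class ServiceInstance:
    name: str
    domain: str  # the identity domain the instance was added to (claim 12)


@dataclass
class IdentityDomain:
    name: str
    admin: str
    # This domain's partition of the cloud-wide identity store: user -> roles
    identities: dict[str, set[str]] = field(default_factory=dict)
    # This domain's partition of the cloud-wide policy store: role -> permissions
    policies: dict[str, set[str]] = field(default_factory=dict)
    services: dict[str, ServiceInstance] = field(default_factory=dict)


class SharedIDM:
    """A single IDM instance serving every domain (no per-domain replica)."""

    def __init__(self) -> None:
        self.domains: dict[str, IdentityDomain] = {}

    def create_domain(self, name: str, admin: str) -> IdentityDomain:
        if name in self.domains:
            raise ValueError(f"domain {name!r} already exists")
        dom = IdentityDomain(name=name, admin=admin)
        dom.identities[admin] = {"domain_admin"}
        self.domains[name] = dom
        return dom

    def add_user(self, domain: str, user: str) -> None:
        # Same login string in two domains is two distinct identities.
        self.domains[domain].identities.setdefault(user, set())

    def add_service(self, domain: str, service: str) -> ServiceInstance:
        inst = ServiceInstance(name=service, domain=domain)
        self.domains[domain].services[service] = inst
        return inst

    def define_policy(self, domain: str, role: str, perms: set[str]) -> None:
        self.domains[domain].policies[role] = set(perms)

    def delegate(self, actor: str, domain: str, user: str, role: str) -> None:
        """Delegation model: only the domain's admin grants roles, and only
        to identities that already live in that domain's partition."""
        dom = self.domains[domain]
        if dom.admin != actor:
            raise PermissionError(f"{actor!r} is not the admin of {domain!r}")
        if user not in dom.identities:
            raise IsolationViolation(f"{user!r} is not an identity in {domain!r}")
        dom.identities[user].add(role)

    def authorize(self, service: ServiceInstance, user: str, perm: str) -> bool:
        """Resolve the user through the service's own domain partition only."""
        dom = self.domains[service.domain]
        if user not in dom.identities:
            raise IsolationViolation(
                f"service {service.name!r} in {dom.name!r} cannot see {user!r}")
        roles = dom.identities[user]
        return any(perm in dom.policies.get(r, set()) for r in roles)


def demo() -> dict[str, object]:
    """Two tenants, two services each; returns the outcome of each check."""
    idm = SharedIDM()
    idm.create_domain("acme", admin="alice")
    idm.create_domain("globex", admin="gwen")
    idm.add_user("acme", "bob")
    idm.add_user("globex", "bob")  # a different identity with the same login
    crm = idm.add_service("acme", "crm")
    billing = idm.add_service("acme", "billing")
    hr = idm.add_service("globex", "hr")
    idm.define_policy("acme", "editor", {"crm:write"})
    idm.define_policy("globex", "editor", {"hr:read"})  # same role name, own partition
    idm.delegate("alice", "acme", "bob", "editor")

    results: dict[str, object] = {}
    # Identity shared among all services of the same domain (claim 1).
    results["acme_bob_crm_write"] = idm.authorize(crm, "bob", "crm:write")
    results["acme_bob_via_billing"] = idm.authorize(billing, "bob", "crm:write")
    # The globex "bob" never received a role; acme's grant did not leak.
    results["globex_bob_hr_read"] = idm.authorize(hr, "bob", "hr:read")
    try:  # acme's admin cannot delegate inside globex
        idm.delegate("alice", "globex", "bob", "editor")
        results["cross_domain_delegation"] = "allowed"
    except PermissionError:
        results["cross_domain_delegation"] = "denied"
    try:  # an acme service cannot resolve a globex identity at all
        idm.authorize(crm, "gwen", "crm:write")
        results["cross_domain_lookup"] = "allowed"
    except IsolationViolation:
        results["cross_domain_lookup"] = "denied"
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The design choice worth noting is that isolation is enforced structurally rather than by a filter applied after lookup: a service instance carries its domain, and every resolution starts from that domain's partition, so a user in another domain is not merely "unauthorized" but unresolvable from that service. Delegation reuses the same rule, which is what keeps a domain administrator's reach bounded to his own tenant.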
Specification