
Identity Federation

Simplify user login to websites and applications managed by other affiliated organizations.

Give users instant access to key applications they need to do their job, without the need to set up additional accounts and remember more passwords.


What is Identity Federation?

Identity federation is a concept in identity and access management that streamlines user access across linked organizations. It occurs when two or more affiliated organizations create trust agreements, under which each organization allows the other organizations’ authenticated users to access its resources.

For example, a manufacturer may establish a federated identity relationship with one of its key distributors, to make it easier for the distributor’s employees to order new inventory from the manufacturer. With identity federation, there is no need to set up and manage user accounts for each of the distributor’s employees. As long as they are authenticated within the distributor's own identity system, users can access the manufacturer’s inventory app without having to log in.

Identity federation is especially useful in any context where organizations need to provide secure access to resources across multiple domains or networks.

  • Business-to-business (B2B) relationships: Employees can access partner websites, applications, and resources without separate logins.
  • Healthcare: Patients and healthcare professionals can access multiple systems and services using a single set of credentials.
  • Government services: Citizens can use their national identity credentials to access various government services.
  • Education: Students can use their school credentials to access different educational resources and platforms.
  • Mergers and acquisitions: Organizations can provide access to users outside the traditional corporate perimeter.

Benefits of Identity Federation

For Users

With identity federation, users can access other organizations’ resources without having to log in to them, as long as they are properly authenticated to their own organization’s system.

Users enjoy instant access to key applications they need to do their job, without waiting for an account to be created for them, and without the ongoing need to remember another username and password.

For Organizations

Identity federation minimizes the administrative time and expense required to create and manage accounts for other organizations’ users.

Security is enhanced by reducing the risk of password reuse and interception, since users only need to authenticate to their own organization’s identity system. Furthermore, if a user leaves their organization, any access to other organizations’ applications is instantly disabled.

The risk of data breach is also reduced, because users’ account information is not stored in other organizations’ systems.

How Does Identity Federation Work?

Identity Provider (IdP)

The IdP is the place where digital identity is stored and managed. This could be an organization’s login system or a specialized identity service.

Service Provider (SP)

The SP is the website, application, or system that users need to access.

Trust Relationship

The IdP and SP have a trust agreement, which means the SP trusts the IdP to verify a user’s identity. When users try to log in to the SP, they are redirected to the IdP for authentication.

Authentication Process

The user logs in to the IdP, and once verified, the IdP sends a secure token or message to the SP, confirming the user’s identity. This allows the user to access the SP without needing to log in again.
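
The trust relationship and authentication process above, as an added example that is not WSO2 code or part of the original page: a toy IdP signs a short-lived assertion, and the SP accepts it only if the issuer is in its trust configuration, the signature verifies, the audience is this SP, and the token has not expired. The issuer and SP URLs and the key are constructed, and the HMAC shared key is a stand-in for the asymmetric signatures that SAML and OpenID Connect deployments typically use.

```python
import base64, hashlib, hmac, json, time

# Trust relationship held by the SP: trusted IdP issuer -> verification key.
# All URLs and keys below are constructed for illustration.
TRUSTED_IDPS = {"https://idp.distributor.example": b"constructed-shared-key"}
SP_AUDIENCE = "https://inventory.manufacturer.example"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue(issuer, key, subject, audience, ttl=300, now=None):
    """IdP side: after authenticating the user, sign an assertion for one SP."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def sp_verify(token, now=None):
    """SP side: return the subject if the token is acceptable, else raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        issuer = str(claims["iss"])
        given = _unb64(sig)
    except Exception:
        raise ValueError("malformed token") from None
    # 1. Only issuers covered by the trust agreement are considered at all.
    key = TRUSTED_IDPS.get(issuer)
    if key is None:
        raise ValueError("issuer is not a trusted IdP")
    # 2. Verify the signature before believing any other claim.
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    # 3. A token minted for another SP must not be replayable here.
    if claims.get("aud") != SP_AUDIENCE:
        raise ValueError("token was issued for a different SP")
    # 4. Short lifetimes bound the window in which a stolen token is useful.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    return claims["sub"]
```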

Industry Standards

Identity federation relies on several standards that ensure maximum interoperability with robust security. Popular federation standards include OAuth 2.0, OpenID Connect, and SAML.
