An Identity Broker is an intermediary service that connects multiple service providers (SP) with different identity providers (IdP). It is responsible for developing trustworthy relationships with external IdPs and utilizing their respective identities to gain access to the service providers’ internal services.
Businesses can link an existing account with one or more identities from various IdPs, or even create new identities based on the information obtained from them.
Using LoginRadius’ Identity Brokering, businesses do not require consumers to provide their credentials to authenticate. Instead, LoginRadius acts as an identity broker service between the Identity and Service Providers and enables the authentication process between the two using the industry-standard protocols.
Intent Behind the Launch
With LoginRadius Identity Brokering service, businesses can enjoy a seamless authentication experience and delegate all single sign-on requirements to a click of a button. A few other benefits include:
- Better flexibility: Businesses can easily configure IdPs of their choice, including Google, Facebook, LinkedIn, and even custom ones.
- Eliminate complexity: Businesses can delegate their SSO requirements to LoginRadius, thereby eliminating the need to understand and implement complex SSO protocols like SAML, OpenID, JWT, and OAuth.
- Verified digital identity: Businesses need not worry about verifying the consumers who authenticate themselves using configured IdPs. Such identities are already verified with respective IdPs.
Key Features Offered by LoginRadius
- Configurable IdP and SP: Businesses can choose from the list of pre-configured IdPs or configure a custom IdP by choosing the supported protocol and providing the required details in the LoginRadius Admin Console.
- Multiple protocol support: LoginRadius supports multiple SSO protocols like SAML, JWT, and OAuth for identity brokering. Businesses can choose and configure their apps with LoginRadius for any of these protocols.
- SP and IdP Initiated SSO: LoginRadius supports both SP-initiated and IdP-initiated SSO flows with the SAML protocol. In the SP-initiated flow, the consumer lands on the service provider and is redirected to the identity provider for authentication; the IdP then redirects the consumer back to the SP with an authentication response. In the IdP-initiated flow, the consumer lands on the identity provider and is then redirected to the service provider with an authentication response.
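The following is an added example, not part of the original post and not LoginRadius code. It shows how a SAML service provider can tell the two flows apart using the standard `InResponseTo` attribute of the SAML 2.0 `Response`: an SP-initiated response must reference a request the SP actually issued, while an IdP-initiated response carries no such reference and is accepted only if the SP opts in. The class name, request IDs and sample XML are constructed for illustration, and signature validation is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample responses (unsigned, trimmed to the attributes checked here).
SOLICITED = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" InResponseTo="_req1"/>'
UNSOLICITED = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r2"/>'


class ResponseCorrelator:
    """Hypothetical SP-side helper: matches responses to issued AuthnRequests."""

    def __init__(self, allow_idp_initiated=False):
        self.pending = set()            # IDs of AuthnRequests awaiting a response
        self.allow_idp_initiated = allow_idp_initiated

    def register_request(self, request_id):
        """Call when the SP redirects the consumer to the IdP (SP-initiated)."""
        self.pending.add(request_id)

    def classify(self, response_xml):
        # Assumes the XML signature was already verified; use a hardened
        # XML parser for untrusted input in production.
        root = ET.fromstring(response_xml)
        if root.tag != f"{{{SAMLP}}}Response":
            raise ValueError("not a SAML 2.0 Response")
        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            # No request to correlate with: this is an IdP-initiated response.
            if not self.allow_idp_initiated:
                raise ValueError("unsolicited response rejected")
            return "idp-initiated"
        if in_response_to not in self.pending:
            raise ValueError("InResponseTo matches no pending request")
        self.pending.discard(in_response_to)   # each request ID is accepted once
        return "sp-initiated"


if __name__ == "__main__":
    sp = ResponseCorrelator(allow_idp_initiated=True)
    sp.register_request("_req1")
    print(sp.classify(SOLICITED))     # sp-initiated
    print(sp.classify(UNSOLICITED))   # idp-initiated
```

Because an IdP-initiated response cannot be tied to a request, an SP that enables it relies entirely on signature, audience, validity-window and assertion-ID replay checks.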
With Identity Brokering, businesses can skip the use of complex protocols and enjoy the luxury of simply calling an HTTPS endpoint, a much easier option to implement than understanding standard SSO protocols.
Moreover, businesses acquire flexibility and verified digital identities, whereas consumers gain a seamless authentication experience. A win-win for both parties!
*** This is a Security Bloggers Network syndicated blog from LoginRadius Identity Blog authored by Team LoginRadius. Read the original post at: https://www.loginradius.com/blog/start-with-identity/2021/01/loginradius-identity-brokering/