Authenticating users and securely communicating authorization information with a cloud application – or any Web-based portal – requires a common endpoint acting as the enterprise IdP. We know you’ll need to be able to access multiple cloud applications, such as Salesforce, Workday and Google Apps, as your enterprise moves toward this model. We have seen that you’ll need many token translations on a per-application basis. But this is only one part of the requirement.
Another key function to support is being able to authenticate an incoming user against multiple internal authentication sources. Think about all the legacy applications and identity stores deployed across your infrastructure, with their various authentication methods and protocols. They’re all over the map, right? First, you encounter the Active Directory domains, and get lost in all those forests. The authentication method here could be username or UPN plus password, or it could be based on Kerberos and Windows-integrated authentication. But the same user could also be stored in some SQL database with a proprietary, hard-coded password encryption scheme.
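To make the "one endpoint, many identity stores" idea concrete, here is an added example (written for this page, not code from the original post or from any vendor product) of a small authentication broker. It accepts one login and password, normalizes the login (sAMAccountName or UPN) for a stand-in directory store, falls through to a stand-in legacy SQL user table, and hands back a single normalized `Principal` that a token-issuing component could then turn into a SAML or OIDC token. The store names, realm, schema, sample users and the `Principal` type are all assumptions constructed for the example; the legacy store keeps PBKDF2 hashes rather than the reversible "encryption" the text warns about, and a dummy verification runs for unknown users so lookups cost the same time whether or not the account exists.

```python
"""Authentication broker that checks one credential against several identity stores.

Added illustration, not code from the original post or any product.
Store names, realm, schema and sample users are constructed for this example.
"""
import hashlib
import hmac
import os
import sqlite3
from dataclasses import dataclass
from typing import Optional, Protocol

# Work factor for the example; production deployments should tune this upward.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-SHA256, stored as algo$iterations$salt$digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iters, salt_hex, digest_hex = parts
    calc = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(calc.hex(), digest_hex)


# Verified for unknown users so a missing account costs the same time as a bad password.
DUMMY_HASH = hash_password("not-a-real-password")


@dataclass(frozen=True)
class Principal:
    """Normalized identity handed to the token-issuing side of the IdP."""
    subject: str   # canonical identifier (UPN or e-mail), hypothetical field
    source: str    # which store vouched for the user


class IdentityStore(Protocol):
    name: str
    def authenticate(self, login: str, password: str) -> Optional[Principal]: ...


class DirectoryStore:
    """Stand-in for an AD domain: accepts sAMAccountName or UPN, canonicalizes to UPN.
    A real deployment would perform an LDAP bind or validate a Kerberos ticket here."""

    def __init__(self, realm: str, users: dict):
        self.name = realm
        self._realm = realm
        self._users = users  # {sAMAccountName: (pw_hash, upn)} -- constructed sample data

    def authenticate(self, login: str, password: str) -> Optional[Principal]:
        login = login.lower()
        suffix = "@" + self._realm
        sam = login[:-len(suffix)] if login.endswith(suffix) else login
        entry = self._users.get(sam)
        if entry is None:
            verify_password(password, DUMMY_HASH)
            return None
        pw_hash, upn = entry
        return Principal(upn, self.name) if verify_password(password, pw_hash) else None


class SqlStore:
    """Stand-in for a legacy application's own user table (in-memory SQLite)."""
    name = "legacy-crm-db"

    def __init__(self, rows):
        self._db = sqlite3.connect(":memory:")
        self._db.execute("CREATE TABLE app_user (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
        self._db.executemany("INSERT INTO app_user VALUES (?, ?)", rows)

    def authenticate(self, login: str, password: str) -> Optional[Principal]:
        row = self._db.execute(
            "SELECT email, pw_hash FROM app_user WHERE lower(email) = lower(?)", (login,)
        ).fetchone()
        if row is None:
            verify_password(password, DUMMY_HASH)
            return None
        return Principal(row[0], self.name) if verify_password(password, row[1]) else None


class IdentityBroker:
    """The single IdP endpoint: tries each configured store in order."""

    def __init__(self, stores):
        self._stores = list(stores)

    def authenticate(self, login: str, password: str) -> Optional[Principal]:
        for store in self._stores:
            principal = store.authenticate(login, password)
            if principal is not None:
                return principal
        return None


def build_demo_broker() -> IdentityBroker:
    """Wire up two constructed stores with sample accounts."""
    directory = DirectoryStore("corp.example.internal",
                               {"alice": (hash_password("correct horse"), "alice@corp.example.internal")})
    legacy = SqlStore([("bob@legacy-app.example", hash_password("hunter2!"))])
    return IdentityBroker([directory, legacy])


if __name__ == "__main__":
    broker = build_demo_broker()
    print(broker.authenticate("ALICE@corp.example.internal", "correct horse"))
    print(broker.authenticate("bob@legacy-app.example", "hunter2!"))
    print(broker.authenticate("bob@legacy-app.example", "wrong"))
```

The order of stores is a policy decision: if the same person exists in both the directory and a legacy table, the first store that accepts the password wins, so a broker like this should log which `source` vouched for each login and alert when the same subject starts authenticating from an unexpected store.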