Skip to main content

Identity Brokering

Overview

An Identity Broker is an intermediate service that interconnects multiple SPs with different IdPs. As an intermediate service, the broker is accountable for establishing trust relationship with an external IdP to use the identities for accessing services exposed internally by SP.

From a user point of view, an identity broker enables a user-centric way to maintain identities across multiple realms. An account can be associated with one or more identities from multiple IdPs or can even be established based on the identity data obtained from them.

An IdP is generally based on a specific protocol that is used for authentication and authorization purposes. IdP can be any business vendors or partners or social providers (such as Facebook or Google) whose users require access to one or more services. It can also be a cloud-based identity service that you would like to integrate with.

IdPs are typically based on the following protocols:

  • OpenID Connect 1.0
  • OAuth 2.0
  • SAML 2.0

mID Provider(IAM) Brokering

When using mID Provider(IAM) platform for identity brokering, then users are not enforced to provide credentials for authentication against a realm. Instead, users are displayed with a list of IdPs through which they can authenticate themselves. mID Provider(IAM) identity brokering service provides following solutions out-of-the-box:

  • The capability to configure an IdP of your choice such as Ping Identity, OKTA, miniOrange, RSA, Facebook, Google, Twitter and many more.
  • When you have an IdP of your choice established, then mID Provider(IAM) platform allows you to use KOBIL specific MFA products on top to ensure advanced security.
  • mID Provider(IAM) platform also provides advanced Risk Bits Information from your mobile applications (integrated with mID SDK) as an additional security factor that could be used in Fraud Detection techniques.

A default IdP can also be configured via mID Provider(IAM) platform. If a default IdP is chosen, then users will not be given options, but they will be redirected to the default provider directly.

Benefits of mID Provider(IAM) Brokering Service

Following are some of the main benefits of using mIDentiy One Brokering service:

  • You do not need to understand any complicated SSO protocols such as Open ID, SAML and OAUTH.
  • You could enable applications using HTTPS calls easily.
  • You could enable social login to web applications without any difficulty of understanding how everything works.
  • When you obtain Access Tokens from any client applications, then you could insert a custom based code and extend the applications as you need.