Secure resource authorization for external identities using remote principal objects
摘要
說明書
Flow diagram 400 begins at step 402 in which a user device 470 associated with tenant A 226 is authenticated to tenant 226. Authentication is performed with user credentials associated with the domain of tenant 226, and in embodiments, is performed via a tenant portal of portals 216. Step 402 is optional in embodiments for which the user of user device 470 authenticates via a different tenant portal (e.g., of tenant B/P 228) or via a system portal, i.e., an alternate portal, of portals 216 related to task creation in step 404, e.g., for a support task related to an identity problem in directory A 468 and requested to tenant B/P 228 as a support service. This alternate portal is configured to authorize the user of user device 470 to a limited space in the domain of tenant B/P 228 for creation of the task, e.g., a support task, based on user-domain credentials from tenant B/P 228, in step 404. That is, the IdP for tenant B/P 228, or for system 200, is configured to recognize the user of user device 470 for the purposes of generating task requests via portals 216. A reply indicating task creation is provided back in step 406.
