Integrate Identity Providers

This page provides a concise overview of the following topics:

  • What is an identity provider?
  • Identity providers supported by the Unifyia platform
  • Unifyia platform as an identity broker
  • Rationale for integrating IdPs with the Unifyia platform
  • Unifyia Platform Identity Brokerage Flow

Overview

When building an identity and access management system, it's crucial to offer the option of leveraging existing authentication systems within organizations. This allows organizations intending to incorporate modern identity management systems into their current architecture to encounter fewer obstacles in their ongoing operations. This approach facilitates the integration of agile, contemporary identity and access management solutions. Partnering with authentication providers brings numerous benefits in terms of scalability, user-friendliness, and security.

Keeping the above premise in mind, the Unifyia platform has been developed to integrate multiple types of data sources, such as identity providers (IdPs), SCIM (System for Cross-domain Identity Management) services, directories, and enterprise connections, for user and identity federation using the OAuth 2.0, SAML (Security Assertion Markup Language) and OIDC (OpenID Connect) protocols. The platform can function both as an identity provider and as an identity broker, using the SAML v2.0 and OpenID Connect v1.0 protocols to synchronize users and groups.

What is an Identity Provider?

An identity provider (IdP) is a centralized service for the management of user identities, authentication, and authorization processes. This simplifies administration tasks and reduces the complexity of managing user credentials across multiple systems as the authentication process is centralized. It authenticates users and provides them with access to resources, applications, or services based on their identity credentials.

Integrating an IdP enables SSO, allowing users to access multiple applications or services with a single set of login credentials and reducing the need to remember and enter multiple passwords. It also improves security: IdP integrations support multi-factor authentication and federated identity management, using protocols such as SAML (Security Assertion Markup Language), OAuth, and OIDC (OpenID Connect) for the secure exchange of authentication and authorization data.

With the Unifyia platform, you can integrate IdPs to centrally manage users and their identities, enabling user provisioning, synchronization, and SSO for federated identity management. The platform supports identity brokering for IdPs based on either the OIDC v1.0 or the SAML 2.0 protocol, provided they support the Authorization Code Flow defined in the specification to authenticate users and authorize access.

Supported IdPs

The Unifyia platform supports the integration of the following IdPs:

Microsoft Entra

Microsoft Entra ID (formerly known as Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services and other third-party services. You can integrate Entra ID as an IdP using the OIDC and SAML protocols on the Unifyia platform and leverage the existing user credentials to log into the Unifyia platform.

Okta

Okta is an enterprise-grade identity management service that helps IT manage employees' access to applications and devices in an organization. You can integrate Okta as an IdP using the OIDC and SAML protocols on the Unifyia platform and enable single sign-on for users to log into the platform using Okta credentials.

Identity Brokerage with Unifyia Platform

Key Concepts

  1. Identity Provider (IdP): An IdP is a service that authenticates users and provides identity information (such as user attributes) to other services. Examples include Okta, Google, and Microsoft Azure AD.
  2. Service Provider (SP): An SP is a service or application that requires user authentication to grant access. Examples include web applications, cloud services, and enterprise systems.
  3. Identity Broker: An identity broker is an intermediary service that sits between IdPs and SPs. It facilitates the authentication process by redirecting authentication requests from SPs to the appropriate IdP and then returning the authentication response to the SP.

The Unifyia platform acts as an intermediary service, known as an identity broker, that bridges different identity providers (IdPs) and service providers (SPs). This enables users to authenticate with a single identity provider and gain access to multiple services or applications without needing separate credentials for each one.

Why should you integrate IdPs with the Unifyia platform?

Integrating Identity Providers (IdPs) allows organizations to enhance security, improve the user experience with single sign-on, centralize identity management, ensure compliance, and boost operational efficiency. By integrating multiple IdPs, users can authenticate once with their preferred or existing identity provider and gain access to multiple Service Providers (SPs), which eliminates the need to remember multiple sets of credentials. Service Providers only need to integrate with the identity broker (such as the Unifyia platform), rather than individually integrating with multiple IdPs. The identity broker also provides a centralized point for managing authentication policies, user mappings, and transformations.

Unifyia Platform Identity Brokerage Flow

Once an IdP is integrated with the Unifyia Platform, you will notice a button with the name/logo of the IdP on the platform’s sign-in page.

  1. User Request: A user attempts to access the Unifyia Platform (SP), which requires authentication, using the existing credentials of an integrated IdP. The user selects their IdP and is redirected to that IdP’s login page.
  2. Authentication: The user authenticates with the chosen IdP using their credentials.
  3. Response Handling: Upon successful authentication, the IdP sends an authentication response (containing identity information) back to the Unifyia platform (identity broker).
  4. Mapping and Transformation: The Unifyia platform may map and transform the received identity information to fit the requirements of the SP.
  5. Access Granted: The identity broker sends the transformed authentication response to the SP, granting the user access to the service.
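The five-step flow above, modelled for an OIDC Authorization Code Flow IdP on the broker side. This is an added illustration, not Unifyia platform code; the IdP endpoints, client id, redirect URI, claim names and attribute map are constructed placeholders, and the token-endpoint exchange and ID-token signature verification against the IdP's JWKS are assumed to happen between steps 3 and 4 and are not shown.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed IdP settings (placeholders, not real Unifyia or IdP values).
IDP = {"issuer": "https://idp.example.com",
       "authorize_endpoint": "https://idp.example.com/oauth2/authorize",
       "client_id": "broker-client-id"}
BROKER_REDIRECT = "https://broker.example.com/callback"

def build_authorization_request(idp=IDP):
    """Step 1: the broker redirects the user to the IdP. state binds the callback to
    this browser session; nonce is echoed inside the ID token so it cannot be replayed."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": idp["client_id"],
              "redirect_uri": BROKER_REDIRECT, "scope": "openid profile email",
              "state": state, "nonce": nonce}
    return f"{idp['authorize_endpoint']}?{urlencode(params)}", {"state": state, "nonce": nonce}

def handle_callback(callback_url, session):
    """Step 3: the IdP returns the user with ?code=...&state=...; reject a state mismatch."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch: callback not bound to this session")
    return qs["code"][0]  # exchanged for tokens at the IdP token endpoint (not shown)

def validate_id_token_claims(claims, session, idp=IDP, now=None):
    """Claim checks the broker performs after verifying the ID token signature."""
    now = time.time() if now is None else now
    if claims.get("iss") != idp["issuer"]:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if idp["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this broker")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != session["nonce"]:
        raise ValueError("nonce mismatch: possible replay")
    return True

# Step 4: constructed mapping from IdP claim names to the attribute names the SP expects.
ATTRIBUTE_MAP = {"email": "mail", "preferred_username": "userName", "name": "displayName"}

def map_identity(claims, attribute_map=ATTRIBUTE_MAP):
    """Translate validated IdP claims into SP attributes; unmapped claims are dropped."""
    return {sp: claims[src] for src, sp in attribute_map.items() if src in claims}
```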