PingFederate Server

Service providers and identity providers

Identity federation standards identify two operational roles in an SSO transaction: the identity provider (IdP) and the service provider (SP).

An IdP might be an enterprise that manages accounts for a large number of users who need secure access to the web-based applications or services of customers, suppliers, and business partners. An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.

Diagram illustrating secure single sign-on between the workforce identity provider and the cloud service provider.
Secure single sign-on

Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP. The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.

A single instance of PingFederate provides complete support for both roles even when a single organization’s business processes encompass both SP and IdP use cases.