Decision Point for Federated Identity and Cross-Domain Single Sign-On

Archived | Published: 14 April 2015 | ID: G00270982




How should organizations exchange identity and access management information across domains to support real-time sessions or transactions, especially SSO, to meet the increased need for identity federation driven by cloud (SaaS), mobile, social and the API economy?

Table of Contents

  • Decision Point Question
  • Decision Point Overview
    • Business Scenario
    • Architectural Context
    • Related Decisions
  • Principles, Requirements and Constraints
    • Principles
    • Requirements and Constraints
      • Requirements
      • Constraints
  • Alternatives
    • User Constituency Groupings
    • IDP Alternatives
      • Organization Is the IDP and Deploys the IDP Software On-Premises
      • Organization Is the IDP and Uses IDaaS
      • Partner Is the IDP
      • (Industry) Federation Hub
      • Social Identity Provider
      • Government IDP
    • RP Application Scope and Grouping
    • Standards Choices
      • SAML
      • Shibboleth
      • WS-Security
      • WS-*
      • OAuth
      • OpenID
      • OpenID Connect
      • Nonstandards Approaches
    • User (Including Devices and Services) Identification Choices
      • Identifying End Users
      • Identifying Devices
      • Identifying Software Services
    • Federation Topology Choices
    • Operational Security Choices
    • Trust Framework Choices
  • Future Developments
    • Relationship Management
    • Federated Provisioning
    • New Trust Frameworks
    • New Federation Hubs
    • Evolving Standards
    • Evolving Technology Offerings
  • Decision Tool
    • Who Are Your User Constituencies?
    • What Organization Should Be the IDP?
      • Organization Controls Existing User Store?
      • Assurance Level?
      • Existing Identity Hub?
      • Partner Needs to Run IDP?
      • IDP in Cloud?
      • Social Identity IDP
      • Industry Hub IDP
      • Government IDP
      • Use Partner's IDP
      • Define Trust Framework
      • IDaaS IDP
      • Run Own IDP
    • What RPs Should Be Included?
    • What Federation Standards and Integration Approaches Should Be Used?
      • RP Uses Federation Standards?
      • RP Is Mobile or RESTful App?
      • Already Using SAML?
      • Higher Education?
      • "RP Supports API?"
      • Use SAML and OAuth/OpenID Connect With an STS to Transform Tokens
      • OAuth/OpenID Connect
      • SAML 2.0
      • Shibboleth
      • Custom Connector
      • Password Vaulting
    • How Should Users (Including Devices and Services) Be Identified?
      • Identifying Individuals
      • Identifying Software Services or Devices
    • Should Federations Employ a Point-to-Point, Hub or Networked Topology?
    • What Are the Operational Security Considerations?
      • Assertion-Based Authentication Assurance
      • Secure Communications
    • What Trust Framework Should Be Used?
      • Leverage Existing Agreements or Trust Frameworks
  • Decision Justification
  • Recommended Reading
© 2015 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
