Identity federation standards define two operational roles in identity and access management (IAM) and federated networks: the identity provider (IdP) and the service provider (SP). The IdP authenticates the user and provides the SP with the identity information that it requires to grant access to the services and resources that the user needs to do their job.
Identity federation allows both providers to define a trust relationship where the SP provides access to resources using identity information provided by the IdP.
When a user requests access to a resource:
1. The SP sends the user to the IdP for authentication.
2. The IdP prompts the user for authentication and verifies the user's identity with user information such as usernames, passwords, or biometric information.
3. After the IdP has authenticated the user, a trusted authentication token (containing the information used to authenticate the user) is sent to the SP.
4. The SP checks the verified user information in the token and grants the user access to the resource.
An IdP is a federation partner, organization, or business responsible for managing a user's digital identity and provides identity authentication and verification services, also known as identity as a service (IDaaS). It can manage and verify various identity information, such as usernames, passwords, or biometric information, to vouch for the identity of a user to a relying application or SP.
When the federation protocol is OpenID Connect (OIDC), an IdP is also called an OpenID Provider (OP).
When a user requests access to a resource, the SP sends the user to the IdP for authentication. The IdP authenticates and checks the identity of the user against the identity information managed by the IdP. After the IdP validates the user's identity, it issues an authentication token that includes the user's information to verify the identity of the user to the SP.
An IdP securely manages your user identity information and authorizes users to access your organization's resources from a central location. When an IdP is used to oversee the management and verification of user identities, it frees the SP from this responsibility.
An SP is a federation partner, organization, or business that offers individuals or enterprises access to application resources, such as software as a service (SaaS) applications, for work-related or personal purposes. Some federation protocols use different terms for the service provider role, such as relying party (RP) or consumer.
The role of the SP is to consume the trusted authentication token assertion sent by the IdP. SPs don't authenticate users, and they rely on the IdP to verify the identity of a user. After the SP receives the token, it checks for the verified user information and then creates an application session for the user.
The SP offers a service for an enterprise or individual wanting to simplify client access to its services and resources, freeing the organization from the responsibility of providing access to these services.
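The token exchange described above, as an added example that is not part of the original page: a minimal IdP that mints a signed OIDC-style ID token after authenticating a user, and the SP-side consumer that checks the signature, issuer, audience and expiry before creating an application session. The shared HS256 key, issuer URL and audience value are constructed for the demo; a real IdP would sign with a published asymmetric key.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo values (not from the original page). The IdP and SP share a
# symmetric HS256 key here; a real federation would publish an RSA/EC public key.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ISSUER = "https://idp.example.com"   # assumed IdP identifier (the token's "iss")
AUDIENCE = "sp-example-app"          # assumed SP identifier (the token's "aud")

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue_token(subject: str, now: int, ttl: int = 300) -> str:
    """IdP side: after authenticating the user, mint the signed assertion for the SP."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject, "iat": now, "exp": now + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def sp_consume_token(token: str, now: int) -> Optional[dict]:
    """SP side: verify the assertion and return an application session, or None.

    The SP never authenticates the user itself; it only checks that the token
    was issued by the trusted IdP, is intended for this SP, and is still valid."""
    try:
        h, c, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # refuse alg=none or any algorithm the federation did not agree on
        expected = hmac.new(SHARED_KEY, f"{h}.{c}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None  # signature mismatch: not from our IdP, or tampered in transit
        claims = json.loads(_b64url_decode(c))
    except ValueError:   # malformed base64/JSON or wrong number of segments
        return None
    if not isinstance(claims, dict) or claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE or not claims.get("sub"):
        return None      # issued by another IdP, meant for another SP, or no subject
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None      # expired or missing expiry: do not create a session
    return {"user": claims["sub"], "session_expires": claims["exp"]}
```

Every rejection path returns None rather than a partial session, so the SP's access decision depends only on claims the IdP actually signed.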