Federated Identity: What it is and how it works

The role of the identity provider

A good way to start to peel away some of the mystery is to understand the role of an identity provider (IDP.) An IDP is an organization responsible to create and manage online user identities. The IDP’s system authenticates the user whenever he/she tries to log in to an online application. In these situations, the IDP vouches for the authenticity of the user. The online application, in turn, trusts that the IDP has done its job and provides the verification.

The IDP keeps all the user profiles (data) in its own proprietary database. The “federation” aspect of this type of identity comes into play when two or more IDPs trust each other enough to share information.

More formally, identity federation is the process by which the responsibility for personal user authentication is delegated to an external partner.

IDPs tend to be extremely large organizations

IDPs today tend to be major online or social media giants like Facebook, Google, or Amazon. As a result, many people trust this method and use it for online access. It does make people’s online lives faster and easier. After all, you need to remember only one username and password in order to access multiple websites.

It’s similar to the single-sign-on (SSO) feature many organizations have used for years. The SSO function enables employees to access multiple different applications and tools after they authenticate and sign in once. The convenience is undeniable.

Federated ID works much like that, except in this case the single authentication gives a user access to multiple independent external entities.

Security Concerns of Identity Federation

The federated identity process is designed to share personal user information with a third party entrusted with authentication. How this information is processed, stored, protected, and shared has a direct impact on user security and privacy.

Most companies who adopt federation do so for only a handful of applications. It’s difficult to build a system in which all programs can be accessed using a single identity.

This subjects some areas of the network to security risks, including data breaches caused by the use of weak, easily hacked passwords.

Complicating the matter is many businesses lack comprehensive federated identity management plans. The rapid spread of the technology has left these enterprises without the capabilities to implement thorough information security management across the board.

Plus, not all providers within a federation conform to the same security standards. Therefore, the use of multiple providers creates additional points of vulnerability.

External security threats aren’t the only kind of threats out there

Mischief from black-hat insiders and identity theft, two common and troubling organizational security concerns, are also problematic. Companies who participate in a federated identity system need to be certain of the trustworthiness of their internal network users. They need robust authentication protocols in place to ensure each user is who he or she claims to be.

This is more than an idle academic concern at these organizations. Even when there’s no malicious intent, human error is real. A single compromised set of federated credentials can grant hackers access to multiple applications. It’s an open invitation for a major data breach to rocket across a network.

Privilege creep can also open the door to devastating breaches. An employee should only have the level of data access required for his or her job. Any temporary access necessary for short-term projects should be revoked as soon as it’s no longer needed. Automated solutions to grant or revoke access have become more common as enterprises seek to improve internal network security as a measure to reduce the risk of data loss or theft.

What federated identity looks like from the member perspective

As you may have noticed, federated identity systems have a lot of moving parts. This means there are weak spots ripe for data breaches.

Plus, the IDPs own the data, period. They can use it for whatever purposes they choose. The members have no ownership rights whatsoever to their own personal private data once it’s in the hands of an IDP.

Also, consider the enormous size of these IDP databases. The trillions of bytes of data stored in their databases are magnets to hackers attracted by the magnitude of the challenge.

MemberPass: the best digital ID for your members

MemberPass is the simple and secure replacement for federated identity. It’s a hassle-free way for members to prove their identities quickly and retain control and ownership of their private personal information. It’s also virtually impossible to hack and provides superb protection against identity theft and financial fraud.

MemberPass: the best digital ID solution for your credit union

MemberPass delivers a consistent, positive member experience across all channels and access methods. It reduces the incidence and expense of financial fraud and it builds trust with your members.

They’ll thank you once they see and appreciate the benefits of MemberPass digital ID. It’s fast, secure, virtually unhackable, and immune to identity theft. Plus, members own and control their personal information.

—

To request a MemberPass demo, email us to set one up. You can also register to attend a webinar or simply visit us online at www.memberpass.com to find out more.

The sooner you get started, the sooner your members will enjoy the benefits!

Bonifii, a credit union service organization, offers MemberPass, a simple, secure and convenient member identity verification method. MemberPass is a digital passport that provides members convenient access to their financial accounts while allowing control and privacy over their personal information. We leverage touchless technology to protect you and your members. Visit www.memberpass.com or email sales@memberpass.com.