An identity provider (IdP) is a digital service that stores and manages identity information for businesses. IdPs provide authentication services to service providers (SPs), such as websites and web applications. A company's IdP holds user credentials and identifies those users when they are signing in to third-party SPs.

 

Organizations use IdPs to allow their employees or users to access accounts and connect only with the data and resources they are authorized to use. IdPs are a great way for organizations to remain secure while reducing the number of accounts and passwords required.

 

If a user needs to sign in to a third-party web application, the web application redirects them to their IdP. The IdP then prompts the user to enter their credentials. After verifying these credentials, the IdP redirects the user to the web application and the user is automatically signed in. Here, the third-party application doesn't actually receive the user's credentials; rather, the user is signed in directly through the IdP.

 

An IdP often works with single sign-on (SSO) providers to authenticate users. Once you add your domain in an IdP and enable SSO, your domain users can sign in to multiple applications with a single set of credentials, instead of using separate log in IDs every time. They can access applications directly from their IdP using the SSO service.

 

The SP needs identity authentication from the IdP to grant authorization to users, and the Security Assertion Markup Language (SAML) enables this data transfer between the two providers. The SAML assertions confidentially identify the user and check which resources they are authorized to access; the SP trusts the SAML assertions sent by the IdP. Thus, users will gain access to accounts and data based on the authorization.