Federated Identity Management (FIM)
Federated Identity Management, or Identity Federation, is a system that allows users at separate enterprises to use the same verification method for access to applications and other resources.
With FIM, each enterprise maintains its own identity management system, yet the systems are interlinked through a third service, the identity provider, that stores the credentials and serves as a trust mechanism. Once trust is established, users at the different enterprises who authenticate to the FIM service are automatically given access to all resources tied to it, without re-authenticating to those resources. Users provide credentials only to the FIM service, never to the resources tied to it.
Often, the partner enterprises in a FIM arrangement transmit authorizations using Security Assertion Markup Language (SAML) or a similar XML standard. These exchanges give the user a single sign-on (SSO) experience; however, FIM and SSO are not synonymous. SSO is one component of FIM, and FIM's architecture is more complex than SSO's.
To date, some of the better-known FIM examples include OpenID, OAuth, and Shibboleth.
“We started using a federated identity service to interact with several mutual applications that we and our partners use. This cuts down on the logins required to access the apps, and it allows all of our partners to access the apps without us having to grant access to our systems.”