Security Encyclopedia

Federated Identity Management (FIM)

Federated Identity Management, or Identity Federation, is a system that allows users at separate enterprises to use the same verification method for access to applications and other resources.

With FIM, each enterprise maintains its own identity management system, yet they are interlinked through a third service — the identity provider — that stores the credentials and serves as the trust mechanism. Once trust is established between the parties, users at the federated enterprises authenticate once to the FIM service and are then given access to all resources tied to it without re-authenticating to each one. Users provide credentials only to the FIM service, never to the individual resources tied to it.

Often, the partner enterprises in a FIM arrangement exchange authorizations using the Security Assertion Markup Language (SAML) or a similar XML-based standard. These exchanges give the user a single sign-on (SSO) experience; however, FIM and SSO are not synonymous. SSO is one component of FIM, and the latter's architecture is more complex than the former's.
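The trust mechanism described in the two paragraphs above can be made concrete from the relying party's side. The following is an added example, not code from the encyclopedia entry: a service provider receives a SAML-style assertion from a partner identity provider and, before granting access, checks that the issuer is one it federates with, that the assertion is intact, that it is still inside its validity window, and that it was issued for this service and not for some other relying party. The assertion XML, the issuer and entity IDs, and the key are constructed for the example. Real SAML 2.0 assertions are protected with an XML-DSig signature; to keep the block runnable with the standard library alone, that is replaced here by an HMAC over the serialized assertion, keyed per trusted issuer.

```python
"""Relying-party (service provider) checks on a SAML-style assertion.

Added example, not from the original entry. The XML, entity IDs and key
are constructed. HMAC stands in for the XML-DSig signature a real SAML
assertion would carry; the checks themselves (issuer, integrity, validity
window, audience) are the ones a service provider performs in federation.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Trust configuration held by the service provider: the identity providers
# it federates with and the verification key for each (constructed values).
TRUSTED_IDPS = {
    "https://idp.partner-a.example/saml": b"constructed-shared-key-partner-a",
}
# This service provider's own entity ID; assertions must name it as audience.
OUR_ENTITY_ID = "https://app.example.com/sp"

# A constructed, trimmed-down assertion as the IdP would send it after the
# user authenticated there. Note: no user credential appears anywhere in it.
ASSERTION_XML = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1">'
    "<saml:Issuer>https://idp.partner-a.example/saml</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice@partner-a.example</saml:NameID></saml:Subject>"
    '<saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">'
    "<saml:AudienceRestriction><saml:Audience>https://app.example.com/sp</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions>"
    "</saml:Assertion>"
)


def parse_ts(ts: str) -> datetime:
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def sign(assertion_xml: str, key: bytes) -> str:
    """Simplified stand-in for XML-DSig: HMAC-SHA256 over the serialized XML."""
    return hmac.new(key, assertion_xml.encode(), hashlib.sha256).hexdigest()


def validate_assertion(assertion_xml: str, signature: str, now_iso: str,
                       trusted_idps=TRUSTED_IDPS, audience=OUR_ENTITY_ID):
    """Return (True, subject) if the assertion is acceptable, else (False, reason)."""
    root = ET.fromstring(assertion_xml)

    # 1. Only issuers the SP has a federation agreement with are accepted.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_idps:
        return False, "untrusted issuer"

    # 2. Integrity: the assertion must be exactly what that issuer produced.
    expected = sign(assertion_xml, trusted_idps[issuer])
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"

    # 3. Validity window: limits how long a captured assertion stays usable.
    cond = root.find("saml:Conditions", namespaces=NS)
    now = parse_ts(now_iso)
    if not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        return False, "outside validity window"

    # 4. Audience: an assertion issued for another relying party is rejected.
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, "audience mismatch"

    # All checks passed: the SP learns who the user is without ever seeing
    # the credential the user presented to the identity provider.
    return True, root.findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    key = TRUSTED_IDPS["https://idp.partner-a.example/saml"]
    sig = sign(ASSERTION_XML, key)
    print("fresh:   ", validate_assertion(ASSERTION_XML, sig, "2024-05-01T12:02:00Z"))
    print("expired: ", validate_assertion(ASSERTION_XML, sig, "2024-05-01T12:10:00Z"))
    tampered = ASSERTION_XML.replace("alice@", "mallory@")
    print("tampered:", validate_assertion(tampered, sig, "2024-05-01T12:02:00Z"))
    print("other SP:", validate_assertion(ASSERTION_XML, sig, "2024-05-01T12:02:00Z",
                                          audience="https://other.example.org/sp"))
```

The order of the checks matters: the issuer lookup comes first because it selects the key used for the integrity check, and the validity window and audience restriction are only meaningful once the assertion is known to be unmodified. Each rejection reason is returned rather than raised so a service provider can log it; a spike in "audience mismatch" or "outside validity window" rejections is worth investigating on the SP side.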

To date, some of the better-known FIM examples include OpenID, OAuth, and Shibboleth.

More recent trends include Decentralized Identity and Passwordless Identity Management.

"Identity federation delivers efficiency to enterprises, as it allows them to streamline the processes for verifying their users. Instead of mandating their users re-authenticate to service after service, the trust needed to access many services is established once. It is then seamlessly communicated to subsequent services in an SSO-like experience."