With an enterprise identity management system, rather than having separate credentials for each system, a user will have a single digital identity to access all resources to which the user is entitled. Federated identity management extends this approach beyond the enterprise level, creating a trusted authority for digital identities across multiple organizations. In a federated system, participating organizations share identity attributes based on agreed-upon standards, facilitating authentication from other members of the federation and granting appropriate access to resources. This approach streamlines access to digital assets while protecting restricted resources.
When a user affiliated with a member of a federation requests a protected resource from another member organization, the user is prompted for identifying information. This request is passed to the identity provider, which verifies the user's credentials and asserts to the requesting organization that the user has been authenticated. Federation members individually determine which user attributes will be shared, such as name, title, or role. Based on this information and their respective policies, member organizations then grant or deny access to particular resources. Users need only one set of authentication credentials, which could be a name and password or some other identity token, to access resources from other federation members. As a result, federated identity management separates access from the establishment of identity and authorization. Institutions no longer have to create and maintain large numbers of user credentials; instead, they manage identities only for their own users and accept credentials from other federation members.
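As an added example (not part of the original text), the exchange described above simulated in Python: the identity provider authenticates the user, releases only the attributes its member policy permits, and signs the assertion; the service provider accepts the assertion only if the issuer is trusted, the signature verifies, the assertion was issued for this provider and has not expired, and then applies its own access policy. The HMAC shared secret, the example.edu/example.org names and the role-based policy are constructed stand-ins for the signing certificates and policies a real SAML or OIDC deployment would use.

```python
import hashlib
import hmac
import json
import time

# Constructed federation: the service provider (SP) trusts only these identity
# providers. A shared secret stands in for a pinned IdP signing certificate.
TRUSTED_IDPS = {"idp.example.edu": b"constructed-shared-secret"}
# Attributes each member has agreed to release to this SP (constructed policy).
RELEASE_POLICY = {"idp.example.edu": {"name", "role"}}
SP_ID = "sp.example.org"
# The SP's own authorization policy: which asserted roles may reach which resource.
SP_ACCESS_POLICY = {"library-db": {"student", "faculty"}, "grades-admin": {"faculty"}}

def idp_issue_assertion(idp, secret, user, attributes, audience, ttl=300):
    """IdP side: after local authentication, assert only the agreed attributes."""
    released = {k: v for k, v in attributes.items() if k in RELEASE_POLICY[idp]}
    body = {"iss": idp, "sub": user, "aud": audience,
            "exp": int(time.time()) + ttl, "attrs": released}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}

def sp_verify_assertion(assertion, now=None):
    """SP side: return the asserted attributes, or None if any check fails."""
    body = json.loads(assertion["payload"])
    secret = TRUSTED_IDPS.get(body.get("iss"))
    if secret is None:                      # issuer is not a federation member we trust
        return None
    expected = hmac.new(secret, assertion["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):   # tampered or forged
        return None
    if body.get("aud") != SP_ID:            # issued for a different service provider
        return None
    if body.get("exp", 0) <= (now if now is not None else time.time()):  # stale
        return None
    return body["attrs"]

def sp_authorize(attrs, resource):
    """Apply the SP's own policy to attributes the IdP asserted; deny by default."""
    if attrs is None:
        return False
    return attrs.get("role") in SP_ACCESS_POLICY.get(resource, set())
```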