
This document describes the terminology used by Federated Identity and explains each of the terms.

Federated Identity within information technology means linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Protocols (SAML and OAuth)

SAML stands for Security Assertion Markup Language and is an open-standard XML (Extensible Markup Language) data format for exchanging authentication and authorization data between parties.

OAuth stands for Open Authentication and is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.

The default authentication methods within Synergy Enterprise are Windows and Basic Authentication. If you want more flexibility in the way users are authenticated, you need to use one of these two supported protocols.

The Lightweight Directory Access Protocol (LDAP)

LDAP is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

Security Providers (Microsoft Entra ID) Token based authentication

Microsoft Entra ID is a cloud service that provides administrators the ability to manage user identities and access privileges.

With Microsoft Entra ID it is also possible to set up MFA and SSO (see next section).

MFA (Multi-Factor Authentication) or 2FA (Two-Factor Authentication)

MFA is a method of authentication that requires more than one verification method and adds a critical second (or multiple) layer(s) of security to user sign-ins.

An example is Google Authentication. Within the Microsoft Entra ID token provider you can set up an MFA (security provider), so that after the user signs in, the user needs to use an application on their mobile device to enter a second authentication to get access to Synergy Enterprise.

Single Sign On (SSO)

SSO gives the user the ability to log in to, for example, Gmail or Facebook; once the user is authenticated by such a party, our Synergy Enterprise application can trust that authentication and log the user on automatically. This means that the user only has to log in (authenticate) once and can then access multiple applications.

Active Directory Federation Services (AD FS)

AD FS is a standards-based Windows service that allows the secure sharing of identity information (users) between trusted business partners (known as a federation) across an extranet.

When a user needs to access a Web application (like ESE) from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions.
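
The claim mapping described above, as an added Python illustration (not AD FS or Synergy Enterprise code). The issuer URLs, claim types, roles and permissions are hypothetical, and the incoming claims are assumed to come from a token whose signature has already been validated.

```python
from typing import NamedTuple

class Claim(NamedTuple):
    issuer: str  # partner security token service that asserted the claim
    type: str
    value: str

PARTNER = "https://sts.partner.example"  # hypothetical trusted federation partner

# Trust policy (hypothetical): incoming (type, value) -> claim the web application understands.
TRUST_POLICY = {
    PARTNER: {
        ("group", "Staff"): ("role", "reader"),
        ("group", "Finance-Approvers"): ("role", "invoice_approver"),
    },
}
PASS_THROUGH = {PARTNER: {"email"}}  # claim types accepted unchanged

# What each application role may do (hypothetical).
ROLE_PERMISSIONS = {
    "reader": {"view_invoice"},
    "invoice_approver": {"view_invoice", "approve_invoice"},
}

def map_claims(incoming):
    """Apply the trust policy; claims with no matching rule are dropped."""
    mapped = []
    for claim in incoming:
        rules = TRUST_POLICY.get(claim.issuer)
        if rules is None:
            continue  # issuer is not a federation partner
        if (claim.type, claim.value) in rules:
            mapped.append(rules[(claim.type, claim.value)])
        elif claim.type in PASS_THROUGH.get(claim.issuer, set()):
            mapped.append((claim.type, claim.value))
    return mapped

def is_authorized(app_claims, permission):
    """Authorization decision made only on mapped application claims."""
    return any(t == "role" and permission in ROLE_PERMISSIONS.get(v, set())
               for t, v in app_claims)

# Constructed sample of incoming claims.
SAMPLE = [
    Claim(PARTNER, "email", "alice@partner.example"),
    Claim(PARTNER, "group", "Staff"),
    Claim(PARTNER, "role", "invoice_approver"),  # partner asserting an app role directly
    Claim("https://sts.unknown.example", "group", "Finance-Approvers"),
]
```

Because the policy is an allow-list, the partner's directly asserted `role` claim and the claim from the unknown issuer never reach the authorization step.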

