In this type of identity protocol, the authentication part is separated from the application code and delegated to a trusted third party called an “Identity Provider” (IdP), which minimizes the administrative overhead.

As shown in Figure 17.4, when the user tries to log into any third party, the application in turn invokes the Identity Provider. The IdP returns a token that the application shares with the third party. The third party can then validate the token by interacting directly with the IdP. Single Sign-On (SSO) belongs to this type of identity management, which can be architected in many different ways. Refer to Figure 17.4, as follows:

Figure 17.4: Federated Identities

SSO has proved to be extremely useful for users, as they do not have to log in again and again while traversing multiple websites; their login status is retained. They also do not need to memorise a separate password for each website.
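
The flow described above as a minimal in-memory sketch (an added example, not code from the book): one login at the IdP yields a token that several third parties each validate by calling back to the IdP, so no site ever sees the password. The class names, the opaque random token, and the expiry and audience checks are assumptions made for illustration.

```python
import secrets
import time


class IdentityProvider:
    """Toy IdP: authenticates users and issues opaque, expiring tokens."""

    def __init__(self, users, ttl=300):
        # username -> password; plaintext only to keep the sketch short,
        # a real IdP stores salted password hashes.
        self._users = users
        self._ttl = ttl
        self._tokens = {}  # token -> (username, allowed audiences, expiry)

    def login(self, username, password, audiences, now=None):
        now = time.time() if now is None else now
        stored = self._users.get(username)
        if stored is None or not secrets.compare_digest(
                stored.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self._tokens[token] = (username, frozenset(audiences), now + self._ttl)
        return token

    def introspect(self, token, audience, now=None):
        """Called by a third party to validate a token it was handed."""
        now = time.time() if now is None else now
        record = self._tokens.get(token)
        if record is None:
            return None  # forged or revoked token
        username, audiences, expiry = record
        if now >= expiry or audience not in audiences:
            return None  # expired, or issued for a different site
        return username

    def logout(self, token):
        self._tokens.pop(token, None)  # revokes the session for every site


class ThirdParty:
    """A site that trusts the IdP's answer instead of checking passwords."""

    def __init__(self, name, idp):
        self.name, self._idp = name, idp

    def handle_request(self, token, now=None):
        user = self._idp.introspect(token, self.name, now)
        if user is None:
            return f"{self.name}: access denied"
        return f"{self.name}: welcome {user}"
```

Because every site asks the IdP on each request, a single `logout` call ends the session everywhere at once.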