Identity Provider Proxy

The Cirrus Identity Provider Proxy can be just the glue you need to piece together a variety of vendor solutions with your enterprise identity platform, federated partners and social login.

banner-identity-provider-proxy.png
 

A Single Integration Point

You’ve just found the perfect application for your organization. The vendor even says it supports SAML for authentication — BONUS! Wait, you need folks to login from multiple campuses as well as the Cirrus Identity Social Gateway. Now the vendor says they only support bilateral SAML integrations between the application and a single identity provider.

The Cirrus Identity Provider Proxy can be the single IdP for your application, and handle the integration with multiple federated identity providers (including the Cirrus Identity Social Gateway). Our Proxy integrates with our Discovery Service so you can quickly configure a user-friendly login screen that presents users with social and enterprise identity provider options.

 
 

You Need to Federate, But Your Application Doesn’t Know How

Many very compelling vendor applications have integrated SAML authentication, but can only support bilateral integrations – their application on one side and your identity provider on the other. Often times you want to allow users to choose from a number of identity providers. After all, that’s a primary reason you’ve invested in federated identity management in the first place.

The Cirrus Identity Provider Proxy can be the single IdP for your application, and handle the integration with multiple federated identity providers (including the Cirrus Identity Social Gateway). Our Proxy integrates with our Discovery Service so you can quickly configure a user-friendly login screen that presents users with social and enterprise identity provider options.

Cirrus+Identity+Light+Blue+Banner.png
 
 
 
 
infographic-identity-provider.png

How We Work

For many organizations, the Cirrus Identity Provider Proxy becomes a central integration point. One side is a single identity provider endpoint that integrates with applications supporting enterprise SSO integration.

  • Users can choose from enterprise identities, custom identities, social login, or federated partner identities (on left) when access enterprise applications (on the right).

  • The Identity provider proxy is metadata aware (InCommon, eduGAIN, custom metadata).

  • Fully integrated with other Cirrus Identity Solutions, including Account Linking.

  • Leverages the configurable Cirrus Identity Discovery Service.

  • Advanced attribute assertion capabilities for all proxy transactions or based on Service Provider requirements.

  • Advanced attribute assertion capabilities for all proxy transactions or based on Service Provider requirements

  • Can translate protocols from IdP (SAML) to Service Providers (CAS)

Common Uses

Single IdP Endpoint

Provide multiple login options (enterprise, federated, and social) with applications that only support bilateral SAML integrations

Assert Linked Attributes

Integrate with the Cirrus Account Linking service to enable assertion of enterprise identifiers when a user logs on with an external identity (social login or our hosted External Identity service)

Custom Attributes

Define custom attribute release policies per service

Protocol Translation

Present CAS assertions when a user logs in with a SAML identity provider

Get the Latest Product Updates