US 11,700,278 B2
Access management system with a multi-environment policy
Bhuvaneshwari Krishnamurthi, Redmond, WA (US); Janani Vasudevan, Boulder, CO (US); Harsha Vardhan Sanagaram, Bothell, WA (US); Corbin C. Rogerson, Bellevue, WA (US); Sandeep Kalarickal, Kirkland, WA (US); Kahren Tevosyan, Kirkland, WA (US); and Thomas Charles Knudson, Draper, UT (US)
Assigned to Microsoft Technology Licensing, LLC
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Jun. 30, 2019, as Appl. No. 16/458,173.
Prior Publication US 2020/0412765 A1, Dec. 31, 2020
Int. Cl. H04L 9/40 (2022.01); G06Q 30/018 (2023.01)
CPC H04L 63/20 (2013.01) [H04L 63/104 (2013.01); G06Q 30/018 (2013.01)] 20 Claims
OG exemplary drawing
 
1. An access management system for providing access to computing environments based on a multi-environment policy, the system comprising:
one or more processors; and
one or more computer storage media storing computer-useable instructions that, when used by the one or more processors, cause the one or more processors to execute:
an access control manager configured for:
receiving request values of a request associated with a computing environment,
wherein the access control manager comprises programmed instructions that define integrated access provisioning operations for combined provisioning of access to provider-controlled computing environments and customer-controlled computing environments;
wherein the integrated access provisioning operations are based on a subscription classification that identifies a controlling subscriber of an identified computing environment;
wherein the computing environment is associated with a plurality of access vectors and the multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, and wherein the grouped computing environment aspects explicitly expose a security boundary construct based on enumerated values;
wherein the functional categories are associated with corresponding access provisioning operations that are defined and performed for different subscriptions to provide isolated access approval in a distributed computing environment;
wherein the enumerated values comprise different sets of support administrator operations that correspond to the plurality of access vectors;
wherein the multi-environment policy is a single policy configurable to define rules based on the plurality of access vectors for approving access to both provider-controlled computing environments and customer-controlled computing environments, wherein the rules are associated with both provider parameters and customer parameters for accessing selected computing environments;
based on the request values, determining whether the request is for a provider-controlled computing environment associated with the provider parameters of the plurality of access vectors or a customer-controlled computing environment associated with customer parameters of the plurality of access vectors, wherein the request values correspond to policy parameters of the multi-environment policy;
based on the multi-environment policy, communicating approval-request parameters of an approval-request to receive approval-request response values, wherein the approval-request parameters are associated with the provider-controlled computing environment or the customer-controlled computing environment, wherein the approval-request parameters are defined based on the plurality of access vectors;
receiving the approval-request response values for the approval-request; and
based on receiving the approval-request response values, communicating a request response indicating approval or denial of the request.
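The claim above describes a flow that is easier to reason about in code: request values arrive, the subscription classification says whether the target environment is provider- or customer-controlled, the single policy's rules (keyed by access vector and enumerated operation) supply provider or customer parameters for an approval-request, and the approval-request response decides the outcome. The following is an added illustration, not code from the patent or from Microsoft. Every environment name, vector, operation, approver group and rule value is constructed for the example, and the choice to fail closed (deny when the operation is not enumerated, the environment is unclassified, no rule matches, or a customer-controlled environment has no customer approver) is an assumption of this example rather than something the claim specifies.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Controller(Enum):
    PROVIDER = "provider"
    CUSTOMER = "customer"


# Access vectors: functional categories, each exposing an enumerated set of
# support-administrator operations (the security boundary construct).
# Constructed sample values.
ACCESS_VECTORS = {
    "compute": {"restart_vm", "read_vm_metrics"},
    "data": {"read_logs", "export_snapshot"},
    "identity": {"reset_support_credentials"},
}

# Subscription classification: identifies the controlling subscriber of each
# computing environment. Constructed sample values.
SUBSCRIPTION_CLASSIFICATION = {
    "env-prod-shared-01": Controller.PROVIDER,
    "env-tenant-contoso-07": Controller.CUSTOMER,
}


@dataclass(frozen=True)
class Rule:
    vector: str
    operation: str
    provider_approver: str            # provider parameter
    customer_approver: Optional[str]  # customer parameter; None = no customer approver defined
    max_duration_h: int


# The single multi-environment policy: one rule set carrying both provider and
# customer parameters, so the same policy governs both kinds of environment.
POLICY = (
    Rule("compute", "restart_vm", "provider-oncall", "customer-admins", 2),
    Rule("compute", "read_vm_metrics", "provider-oncall", None, 8),
    Rule("data", "export_snapshot", "provider-data-lead", "customer-dpo", 1),
)


@dataclass(frozen=True)
class Request:
    environment: str
    vector: str
    operation: str
    requester: str


@dataclass(frozen=True)
class ApprovalRequest:
    environment: str
    controller: Controller
    approver: str
    operation: str
    max_duration_h: int
    requester: str


def build_approval_request(req: Request) -> Optional[ApprovalRequest]:
    """Map request values onto the policy and produce approval-request parameters.

    Returns None whenever the request cannot be matched to the policy; the caller
    treats None as a denial (fail closed; an assumption of this example).
    """
    # 1. The operation must be one of the enumerated values of the named vector.
    if req.operation not in ACCESS_VECTORS.get(req.vector, set()):
        return None
    # 2. Identify the controlling subscriber of the target environment.
    controller = SUBSCRIPTION_CLASSIFICATION.get(req.environment)
    if controller is None:
        return None
    # 3. Find the policy rule for this access vector and operation.
    rule = next((r for r in POLICY
                 if r.vector == req.vector and r.operation == req.operation), None)
    if rule is None:
        return None
    # 4. Select the provider or customer parameters depending on who controls the
    #    environment. A customer-controlled environment with no customer approver
    #    defined for this rule is denied rather than routed to the provider.
    approver = (rule.provider_approver if controller is Controller.PROVIDER
                else rule.customer_approver)
    if approver is None:
        return None
    return ApprovalRequest(req.environment, controller, approver,
                           req.operation, rule.max_duration_h, req.requester)


def process_request(req: Request,
                    respond: Callable[[ApprovalRequest], bool]) -> str:
    """Full flow: build the approval-request, hand it to the approver channel
    (modelled by `respond`), and turn the response into approval or denial."""
    approval_request = build_approval_request(req)
    if approval_request is None:
        return "denied"
    return "approved" if respond(approval_request) else "denied"


if __name__ == "__main__":
    # Constructed approver responses standing in for a real approval channel.
    decisions = {"provider-oncall": True, "customer-admins": False}
    for r in (Request("env-prod-shared-01", "compute", "restart_vm", "support-eng-1"),
              Request("env-tenant-contoso-07", "compute", "restart_vm", "support-eng-1"),
              Request("env-tenant-contoso-07", "compute", "read_vm_metrics", "support-eng-1")):
        print(r.environment, r.operation,
              process_request(r, lambda ar: decisions.get(ar.approver, False)))
```

The point worth noticing is that the same rule (`compute`/`restart_vm`) yields different approval-request parameters for the two environments: the provider on-call group for the provider-controlled one and the customer's administrators for the customer-controlled one, with the duration limit shared. The `read_vm_metrics` case shows the fail-closed behaviour: the rule exists but defines no customer approver, so a request against the customer-controlled environment never reaches an approver.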