US 12,074,862 B2
Unified identity and access management (IAM) control plane for services associated with a hybrid cloud
Travis Tripp, Fort Collins, CO (US); Craig W. Bryant, Fort Collins, CO (US); Ryan Brandt, Fort Collins, CO (US); Sonu Sudhakaran, Karnataka (IN); Joseph Keen, Fort Collins, CO (US); and Andrea Adams, Fort Collins, CO (US)
Assigned to Hewlett Packard Enterprise Development LP, Spring, TX (US)
Filed by Hewlett Packard Enterprise Development LP, Spring, TX (US)
Filed on Aug. 23, 2023, as Appl. No. 18/454,166.
Application 18/454,166 is a continuation of application No. 16/940,594, filed on Jul. 28, 2020, granted, now 11,770,372.
Prior Publication US 2023/0396603 A1, Dec. 7, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 41/22 (2022.01); H04L 41/28 (2022.01); H04L 67/02 (2022.01)
CPC H04L 63/0815 (2013.01) [H04L 41/22 (2013.01); H04L 41/28 (2013.01); H04L 63/101 (2013.01); H04L 63/20 (2013.01); H04L 67/02 (2013.01)]
20 Claims
 
1. A system comprising:
a processing resource; and
a non-transitory computer-readable medium comprising instructions executable on the processing resource to:
cause presentation of a user interface through which users of a managed service provider (MSP) are able to configure permissions for and access a plurality of resources of different services with respective different levels of Identity and Access Management (IAM) support;
provide a unified IAM control plane including a plurality of application programming interfaces (APIs) that support integration of the different services into the unified IAM control plane;
provide a centralized IAM service containing information regarding the permissions for the plurality of resources of the different services, the centralized IAM service accessible by the users through the user interface to authorize access of the plurality of resources of the different services based on the permissions;
integrate, using a first API of the plurality of APIs, a first service of the different services into the unified IAM control plane, the first service being without an IAM implementation and the integration of the first service using the first API causing the centralized IAM service to maintain access control information for a resource of the first service;
integrate, using a second API of the plurality of APIs, a second service of the different services into the unified IAM control plane, the second service comprising an authorization system that provides built-in IAM in the second service, the authorization system to authenticate a user identity and to provide access of a resource of the second service; and
maintain consistency between the centralized IAM service and the authorization system of the second service based on communicating a change event to synchronize a change in a permission between the centralized IAM service and the authorization system of the second service.
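The two integration paths and the change-event synchronization recited in claim 1 can be modeled as follows. This is an added illustrative sketch, not code from the patent or from the assignee; the class names, method names, service names ("inventory", "backup") and event fields are all assumptions. It shows only central-to-service event propagation, plus a drift check for permissions changed on one side only.

```python
from dataclasses import dataclass, field

@dataclass
class NativeAuthz:
    """Hypothetical stand-in for the second service's built-in authorization system."""
    grants: set = field(default_factory=set)  # {(user, resource, action)}

    def apply_event(self, ev):
        key = (ev["user"], ev["resource"], ev["action"])
        (self.grants.add if ev["op"] == "grant" else self.grants.discard)(key)

class CentralIAM:
    def __init__(self):
        self.services = {}  # name -> NativeAuthz, or None if the service has no IAM
        self.perms = set()  # {(service, user, resource, action)}

    def integrate(self, name, native=None):
        """native=None: service without IAM; otherwise pass its authorization system."""
        self.services[name] = native

    def change(self, op, service, user, resource, action):
        if service not in self.services:
            raise KeyError(f"service not integrated: {service}")
        if op not in ("grant", "revoke"):
            raise ValueError(f"unknown operation: {op}")
        key = (service, user, resource, action)
        (self.perms.add if op == "grant" else self.perms.discard)(key)
        native = self.services[service]
        if native is not None:  # communicate a change event to keep both sides consistent
            native.apply_event({"op": op, "user": user,
                                "resource": resource, "action": action})

    def authorize(self, service, user, resource, action):
        """Deny by default: unknown services and missing grants both fail closed."""
        return (service, user, resource, action) in self.perms

    def drift(self, service):
        """Permissions present on only one side, e.g. after an out-of-band edit."""
        native = self.services[service]
        if native is None:
            return set()
        central = {k[1:] for k in self.perms if k[0] == service}
        return central ^ native.grants

def demo():
    iam, backup_authz = CentralIAM(), NativeAuthz()
    iam.integrate("inventory")             # constructed example: no IAM of its own
    iam.integrate("backup", backup_authz)  # constructed example: built-in IAM
    iam.change("grant", "inventory", "alice", "rack-7", "read")
    iam.change("grant", "backup", "alice", "vault-1", "restore")
    iam.change("revoke", "backup", "alice", "vault-1", "restore")
    backup_authz.grants.add(("bob", "vault-1", "restore"))  # change made outside the control plane
    return iam, backup_authz
```

A non-empty result from `drift` means the central record and the service's own authorization system disagree, which is the condition the claimed synchronization is meant to prevent.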