CPC H04L 63/0815 (2013.01) [H04L 63/0236 (2013.01); H04L 63/101 (2013.01)]    12 Claims

1. A method in a cloud-based Identity and Access Management (IAM) device coupled to a data communication network, for utilizing user authentication to on-premises active directories of a private network to establish Single Sign-On (SSO) user authentication status for cloud-based applications on the data communication network, the method comprising the steps of:
receiving a domain login status notification by an agent on a user device indicating that a user has logged on to an on-premises active directory located on a private network, wherein the status notification includes an identity of the user and an identity of the user device;
retrieving, from the on-premises active directory, user attributes including group information for the user, wherein a secure connection has been established to the on-premises active directory using a zero trust tunnel based on TCP forwarding, and wherein the group information includes applications authorized for the user;
establishing an SSO session for the user based on the authentication status to the on-premises active directory, including authorized applications;
receiving an authentication request, from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications;
responsive to recognizing the user of the authentication request being associated with the established SSO session, returning an assertion to the gateway that the user is authenticated to access the service provider;
receiving an authentication request, from the service provider, for access to a specific application; and
responsive to the group information associated with the user, returning an assertion to the service provider that the user is authenticated for use of the specific application.
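The seven elements of claim 1 describe one end-to-end exchange between the user-device agent, the cloud IAM device, the gateway and the service provider. The Python model below is an added illustration, not code from the patent or from any product, and walks through those elements in order with a constructed directory. Everything beyond the claim text is an assumption: the in-memory `ON_PREM_DIRECTORY` dict stands in for the directory query made over the zero trust tunnel, `GROUP_TO_APPS` is a made-up group-to-application mapping, the message dicts and the `CloudIam` class are hypothetical, and sessions are keyed by user and given an expiry that the claim does not specify.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed stand-in for the on-premises active directory: each user record
# carries the group membership the IAM device retrieves after a domain login.
ON_PREM_DIRECTORY = {
    "alice": {"groups": ["finance", "all-staff"]},
    "bob": {"groups": ["all-staff"]},
}

# Constructed mapping from directory groups to the cloud applications whose use
# that group authorizes (the claim's "applications authorized for the user").
GROUP_TO_APPS = {
    "finance": {"ledger"},
    "all-staff": {"mail"},
}


@dataclass
class SsoSession:
    user: str
    device: str
    authorized_apps: frozenset
    created_at: float
    token: str


class CloudIam:
    """Hypothetical model of the cloud IAM device's role in the claimed flow."""

    def __init__(self, directory, group_to_apps, session_ttl=3600, clock=time.time):
        self._directory = directory
        self._group_to_apps = group_to_apps
        self._ttl = session_ttl      # assumed: the claim is silent on session lifetime
        self._clock = clock          # injectable so expiry can be tested deterministically
        self._sessions = {}          # user -> SsoSession

    def _retrieve_user_attributes(self, user):
        """Stands in for the directory query made over the zero trust tunnel."""
        record = self._directory.get(user)
        if record is None:
            return None
        apps = set()
        for group in record["groups"]:
            apps |= self._group_to_apps.get(group, set())
        return frozenset(apps)

    def on_domain_login(self, notification):
        """Elements 1-3: agent notification -> attribute retrieval -> SSO session.
        Returns the session token, or None when the directory has no such user."""
        user, device = notification["user"], notification["device"]
        apps = self._retrieve_user_attributes(user)
        if apps is None:
            return None
        session = SsoSession(user, device, apps, self._clock(), secrets.token_urlsafe(16))
        self._sessions[user] = session   # assumed: one session per user, newest wins
        return session.token

    def _active_session(self, user):
        session = self._sessions.get(user)
        if session is None:
            return None
        if self._clock() - session.created_at > self._ttl:
            del self._sessions[user]     # stale logon: drop it rather than keep trusting it
            return None
        return session

    def gateway_auth(self, request):
        """Elements 4-5: the gateway asks whether the user may reach the provider."""
        session = self._active_session(request["user"])
        if session is None:
            return {"authenticated": False, "reason": "no active SSO session"}
        return {"authenticated": True, "user": session.user, "device": session.device}

    def app_auth(self, request):
        """Elements 6-7: the service provider asks about one specific application;
        the answer comes from the group information captured at session creation."""
        session = self._active_session(request["user"])
        if session is None:
            return {"authenticated": False, "reason": "no active SSO session"}
        if request["app"] not in session.authorized_apps:
            return {"authenticated": False, "reason": "group membership does not cover app"}
        return {"authenticated": True, "user": session.user, "app": request["app"]}


if __name__ == "__main__":
    iam = CloudIam(ON_PREM_DIRECTORY, GROUP_TO_APPS)
    iam.on_domain_login({"user": "alice", "device": "LAPTOP-01"})   # constructed message
    print(iam.gateway_auth({"user": "alice"}))
    print(iam.app_auth({"user": "alice", "app": "ledger"}))
    print(iam.app_auth({"user": "bob", "app": "ledger"}))            # bob never logged on
```

Two points the model makes visible that the claim text leaves implicit. First, the whole SSO decision rests on the domain login status notification, so in a deployment the channel from the agent must itself be authenticated and bound to the device identity the notification carries; an IAM device that accepts an unauthenticated "user X logged on" message would be handing out assertions on the agent's say-so. Second, the application assertion is answered from group information captured when the session was created, so a membership change in the directory is not reflected until a new session is established, and the session should be expired or revoked on logoff rather than left open indefinitely.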