| CPC H04L 63/0823 (2013.01) [H04L 63/0876 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01)] | 15 Claims |

1. A computer-implemented method for registering an agent and providing access by the agent to a specific resource on a specific tenant on a multi-cell, multi-tenant software as a service (SaaS) platform, the method comprising:
receiving a request from a computing device for a token and an agent installer;
authenticating the request by communicating the token and the agent installer to the computing device, the token including a first endpoint;
receiving the token, a unique agent identity, and a certificate signing request (CSR) from the computing device at the first endpoint;
validating the token at the first endpoint by:
signing the CSR to create a signed CSR,
creating a first mapping of the signed CSR to the unique agent identity,
creating a second mapping of a security profile for the agent, the security profile including the unique agent identity mapped to a specific resource on a specific tenant on the SaaS platform, and
sending the signed CSR and a second endpoint to the agent;
receiving a request for a temporary credential from the agent at the second endpoint using the signed CSR;
validating the request for the temporary credential by comparing the signed CSR to the first mapping;
in response to validating the request for the temporary credential, generating the temporary credential using the second mapping and sending the temporary credential to the agent;
receiving an access request from the agent to the specific resource on the specific tenant using the temporary credential; and
providing access to the agent to the specific resource on the specific tenant based on the temporary credential.
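The flow recited in claim 1, modelled in memory as an added example (not code from the patent or its assignee), showing how the two mappings confine a temporary credential to one resource on one tenant. Assumptions: an HMAC stands in for the CA signature over the CSR, the endpoint paths are hypothetical, the token is single-use and carries the tenant/resource scope, and the credential lifetime is 300 seconds.

```python
import hashlib, hmac, secrets, time

CA_KEY = secrets.token_bytes(32)  # assumption: HMAC key standing in for a CA private key
TTL = 300                         # assumption: temporary credential lifetime, seconds

class Platform:
    def __init__(self):
        self.tokens = {}          # token -> (tenant, resource) fixed at request time
        self.cert_to_agent = {}   # first mapping: signed-CSR fingerprint -> agent identity
        self.profiles = {}        # second mapping: agent identity -> (tenant, resource)
        self.creds = {}           # temporary credential -> (tenant, resource, expiry)

    def issue_token(self, tenant, resource):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (tenant, resource)
        return {"token": token, "endpoint": "/register"}  # first endpoint (hypothetical)

    def register(self, token, agent_id, csr: bytes):
        scope = self.tokens.pop(token, None)  # single use, so a replayed token fails
        if scope is None:
            raise PermissionError("unknown or reused token")
        signed = csr + hmac.new(CA_KEY, csr, hashlib.sha256).digest()
        self.cert_to_agent[hashlib.sha256(signed).hexdigest()] = agent_id
        self.profiles[agent_id] = scope
        return signed, "/credentials"         # second endpoint (hypothetical)

    def temp_credential(self, signed: bytes, now=None):
        # Validate by comparing the presented signed CSR to the first mapping.
        agent = self.cert_to_agent.get(hashlib.sha256(signed).hexdigest())
        if agent is None:
            raise PermissionError("signed CSR not in first mapping")
        tenant, resource = self.profiles[agent]  # scope comes from the second mapping
        now = time.time() if now is None else now
        cred = secrets.token_urlsafe(24)
        self.creds[cred] = (tenant, resource, now + TTL)
        return cred

    def access(self, cred, tenant, resource, now=None):
        t, r, exp = self.creds.get(cred, (None, None, 0))
        now = time.time() if now is None else now
        return (t, r) == (tenant, resource) and now < exp
```
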