Before diving into the benefits of a cloud federation (SAML or WS-Federation) broker, let me first cover what it is. You can think of a cloud federation broker as a gateway or proxy server that all federation request go through. Optimal IdM’s federation broker (The OptimalCloud) is a cloud service that contains one or more trusts to an on premise Identity Provider (IdP) or trust to a customer/business partner, which users authenticate with their local credentials, and a trust for each federated application (both on premise and cloud hosted applications), see picture below.
The main benefit for this federation model, is to limit the administration burden of the corporate IT staff in terms of supporting the future of hundreds and even thousands of federated applications that are currently being deployed or will be deployed. In this case, the IT staff is constantly having to work with each and every application team to setup and troubleshoot that application roll-out.
With the federation broker, all of that administration is done by the cloud broker staff at Optimal IdM. The central IT staff only has to setup the trust with the broker for their IdP, then provide documentation to each application team with instructions on how to integrate with the cloud broker. The typical cost of this solution is less than 1 full-time employee, but the benefits are far reaching that include the following:
- Increased security and control.
- Reduction in IT costs to support growing federation infrastructure.
- Eliminates federated application deployments.
- Audit and compliance using our Cloud Reporting solution that tracks all activity in pretty charts/graphs/etc.
- Federation experts that can quickly troubleshoot any configuration/setup issues with applications.
- Highly scalable and geo-redundant cloud infrastructure where uses in different geographic regions go to the closest (or fastest) servers deployed (18 global regions available)
- Fixed monthly costs (NO PER USER/MO CHARGES). * Additional fees only required when adding servers/regions.
- Dedicated/Private servers just for your organization and not co-mingled with other organizations.
- Complete “white-glove” service that includes enterprise level customizations for your unique business requirements/needs.
- Identities are NOT required to be synced to our cloud!
- Support for ALL federation standards including SAML, WS-Trust, OAuth2, OpenID Connect, etc.
- Optional cloud hosted identities for external users or business partners. This includes self-registration, workflow approvals and an identity management component.
- Developer Portal where developers can go to quickly download sample code that is built on the fly and can be compiled/used without making any changes!!