Before diving into the benefits of a cloud federation (SAML or WS-Federation) broker, let me first cover what it is. You can think of a cloud federation broker as a gateway or proxy server that all federation requests go through. Optimal IdM's federation broker (The OptimalCloud) is a cloud service that contains one or more trusts to an on-premise Identity Provider (IdP), or to a customer/business partner, with which users authenticate using their local credentials, and a trust for each federated application (both on-premise and cloud-hosted applications); see the picture below.

[Figure: broker-mode-graphic]

The main benefit of this federation model is to limit the administration burden on the corporate IT staff of supporting the hundreds and even thousands of federated applications that are currently being deployed or will be deployed. Without the broker, the IT staff constantly has to work with each and every application team to set up and troubleshoot that application's roll-out. With the federation broker, all of that administration is done by the cloud broker staff at Optimal IdM. The central IT staff only has to set up the trust between the broker and their IdP, then provide documentation to each application team with instructions on how to integrate with the cloud broker. The typical cost of this solution is less than one full-time employee, but the benefits are far reaching and include the following:

  • Increased security and control.
  • Reduction in IT costs to support growing federation infrastructure.
  • Eliminates federated application deployments.
  • Audit and compliance using our Cloud Reporting solution that tracks all activity in pretty charts/graphs/etc.
  • Federation experts that can quickly troubleshoot any configuration/setup issues with applications.
  • Highly scalable and geo-redundant cloud infrastructure where users in different geographic regions go to the closest (or fastest) servers deployed (18 global regions available).
  • Fixed monthly costs (NO PER USER/MO CHARGES). Additional fees are only required when adding servers/regions.
  • Dedicated/Private servers just for your organization and not co-mingled with other organizations.
  • Complete concierge, “zero config” service that includes enterprise level customizations for your unique business requirements/needs.
  • Identities are NOT required to be synced to our cloud!
  • Support for ALL federation standards including SAML, WS-Trust, OAuth2, OpenID Connect, etc.
  • Optional cloud hosted identities for external users or business partners.  This includes self-registration, workflow approvals and an identity management component.
  • Developer Portal where developers can go to quickly download sample code that is built on the fly and can be compiled/used without making any changes!
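The hub-and-spoke trust model described above (one trust to the on-premise IdP, one trust per federated application, and the broker re-issuing assertions between them) is easier to reason about in code. The following is an added example, not Optimal IdM's or The OptimalCloud's code: it models a broker that accepts an assertion only from a configured IdP trust, checks signature, audience and validity window, and then issues a fresh assertion scoped to a single application's trust. HMAC-signed JSON tokens stand in for XML-signed SAML assertions, and every key, entity ID and trust name is constructed.

```python
"""Toy model of a cloud federation broker with hub-and-spoke trusts.

Constructed example: HMAC-signed JSON tokens stand in for signed SAML
assertions; every key, URL and trust name below is made up.
"""
import base64
import hashlib
import hmac
import json
import time

BROKER_ID = "https://broker.example.invalid"  # assumed broker entity ID

# Trust to the on-premise IdP: the broker only accepts assertions signed with this key.
IDP_TRUSTS = {
    "https://adfs.corp.example.invalid": b"idp-shared-secret-constructed",
}
# One trust per federated application; the broker re-issues assertions to these.
APP_TRUSTS = {
    "crm": {"audience": "https://crm.example.invalid/saml", "key": b"crm-secret-constructed"},
    "hr":  {"audience": "https://hr.example.invalid/saml",  "key": b"hr-secret-constructed"},
}
ASSERTION_TTL = 300  # seconds an issued assertion stays valid


def sign_token(claims: dict, key: bytes) -> str:
    """Canonical JSON body + HMAC-SHA256 tag, encoded as '<b64 body>.<hex tag>'."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + tag


def verify_token(token: str, key: bytes):
    """Return the claims if the tag verifies under `key`, otherwise None."""
    try:
        b64, tag = token.split(".", 1)
        body = base64.urlsafe_b64decode(b64)
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        return json.loads(body)
    except ValueError:  # bad base64, bad JSON, missing separator
        return None


def peek_issuer(token: str):
    """Read the unverified issuer so the broker can pick which trust key to verify with."""
    try:
        return json.loads(base64.urlsafe_b64decode(token.split(".", 1)[0])).get("iss")
    except ValueError:
        return None


def idp_issue(idp_id: str, subject: str, now=None) -> str:
    """Simulates the on-premise IdP issuing an assertion addressed to the broker."""
    now = int(now if now is not None else time.time())
    claims = {"iss": idp_id, "sub": subject, "aud": BROKER_ID,
              "iat": now, "exp": now + ASSERTION_TTL}
    return sign_token(claims, IDP_TRUSTS[idp_id])


class FederationBroker:
    def __init__(self, idp_trusts, app_trusts, broker_id=BROKER_ID):
        self.idp_trusts = idp_trusts
        self.app_trusts = app_trusts
        self.broker_id = broker_id

    def broker(self, inbound: str, app_name: str, now=None):
        """Validate an inbound IdP assertion and re-issue it for one application.

        Returns (token, None) on success or (None, reason) on rejection.
        """
        now = int(now if now is not None else time.time())
        app = self.app_trusts.get(app_name)
        if app is None:
            return None, "unknown application trust"
        issuer = peek_issuer(inbound)
        key = self.idp_trusts.get(issuer)
        if key is None:
            return None, "issuer is not a configured IdP trust"
        claims = verify_token(inbound, key)
        if claims is None:
            return None, "bad signature"
        if claims.get("aud") != self.broker_id:
            return None, "assertion not addressed to the broker"
        if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
            return None, "assertion outside validity window"
        # Re-issue: the broker is now the issuer, audience is narrowed to one app.
        out = {"iss": self.broker_id, "sub": claims["sub"], "aud": app["audience"],
               "iat": now, "exp": now + ASSERTION_TTL, "via": issuer}
        return sign_token(out, app["key"]), None


if __name__ == "__main__":
    fb = FederationBroker(IDP_TRUSTS, APP_TRUSTS)
    tok = idp_issue("https://adfs.corp.example.invalid", "alice@corp.example.invalid")
    out, why = fb.broker(tok, "crm")
    print("brokered" if out else why)
```

The point to notice is that the application never sees the IdP's key and the IdP never sees the application's: each side holds exactly one trust (to the broker), and the broker is where issuer, audience and lifetime are enforced. That is what lets the central IT staff onboard an application without touching the IdP configuration, and it is also why the broker's own signing keys and trust list deserve the same protection the IdP's do.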

For more information, please download our whitepaper, Why The OptimalCloud, or contact us.



