Federated identity is a mechanism that allows a business or other computer user to log in to a system once and gain access to multiple areas that would otherwise each require an individual login. For example, a business may deal with many different suppliers, distributors and manufacturers; with a federated identity, the business performs one login instead of a separate login for each of them. This is done by passing the authentication from one system to another, with each system trusting the others. Besides making things easier for the person logging in, federated identity means the participating businesses do not have to share authentication technology. A drawback of using a federated identity is that, if the system passing on the authentication is not secure, security can be compromised for the whole system.
Both businesses and consumers deal with multiple businesses all the time. A business has to deal with all parts of its supply chain, while consumers purchase products and services from different companies. Without a federated identity, the business or consumer would have to authenticate and log in separately for each business, so that each business could know the person is real and safe.
With federated identity, the business or consumer performs one login to be considered safe. Once that user is authenticated, the authenticating business uses a standard security language to inform all the affiliate businesses that this person is authentic and not a hazard. From there, the business or consumer can move through all affiliated systems without performing another login procedure. This saves time for the business or consumer and means each business needs fewer resources to perform the various authentications.
While needing only a single login is a benefit in itself, there are other benefits to using federated identity. The single login procedure can be duplicated without a federated system, but only if each business has the same directory service, which is not always the case. The federated system is standard, so the authentication can be passed to other businesses regardless of what directory service they are using.
A federated identity will commonly allow access only to secure members, but there can be a drawback. If the business authenticating the user is not secure, a malicious user gains a much broader area of access. Instead of being able to infiltrate one system, the malicious user will be able to access all the federated systems from the single login.
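The hand-off described above (one business authenticates the user and tells its affiliates) and the trust drawback can be seen from the receiving side in the following added example, which is not part of the original article. It is a simplified stand-in rather than any real federation standard: the issuer name `idp.example`, the key, the claim names and the use of HMAC in place of a digital signature are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed trust table: issuer name -> key this relying party trusts.
# HMAC stands in for the digital signature a real federation standard uses.
TRUSTED_ISSUERS = {"idp.example": b"constructed-demo-key"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(issuer, key, subject, audience, ttl=300, now=None):
    """Authenticating business: sign a statement that `subject` logged in."""
    now = int(time.time() if now is None else now)
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def verify_assertion(token, my_name, now=None):
    """Affiliate business: return (subject, None) or (None, reason)."""
    now = int(time.time() if now is None else now)
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
    except ValueError:
        return None, "malformed"
    iss = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:  # only issuers this affiliate has chosen to trust
        return None, "untrusted issuer"
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        return None, "bad signature"
    aud = claims.get("aud")
    if not isinstance(aud, list) or my_name not in aud:  # limits reuse elsewhere
        return None, "wrong audience"
    if not claims.get("iat", 0) <= now < claims.get("exp", 0):
        return None, "expired or not yet valid"
    return claims["sub"], None
```

Every check here still depends on the issuer's key being safe: anyone who holds it can produce an assertion that passes at every affiliate listed in the audience, which is the drawback the article describes.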