Secure single sign-on to software applications

Assignee

• Okta, Inc. · US

Inventors

• Thomas M. Belote · San Francisco, US
• Hassen Karaa · Bellevue, US
• Christine Wang · Pflugerville, US
• Vinoth Jayaraman · Dublin, US
• Marc Powell · Providence, US
• Shaolin Shen · San Francisco, US
• Naveed Makhani · San Francisco, US
• Ankit Garg · Noida, IN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/083
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider. For enhanced security, conformance to an organizational security policy is verified at time of sign-on, and an authenticatable link is used to invoke the third-party application to foil attempts by malicious software to substitute another application.