Overview
Identity and Access Management (IAM) Federation is a system that offers users a seamless authentication experience when logging in to the Data Center Designer (DCD). Using an Identity Provider (IDP) to authenticate users allows them to share their identity information and link their user account with the DCD. It also enables Single Sign-On (SSO) when users want to log in to the DCD using the IDP.
When users log in to the DCD with their organization credentials, all services and resources accessed within the DCD remain the same as when they log in using their IONOS Cloud account.
IAM Federation workflow
The IAM Federation works as follows:
1. Identity Provider (IDP): The organization sets up an IDP responsible for authenticating users and providing their identity information to other entities.
2. Service Provider (SP): IONOS Cloud acts as the SP and allows users to access its resources, such as the DCD. For more information, see Configure IAM Federation.
3. Federation Protocol: The IDP and SP agree on a federation protocol, such as SAML (Security Assertion Markup Language), OpenID Connect, or OAuth, to facilitate the exchange of identity information.
4. User Authentication: When users try to access a resource from IONOS, they are redirected to the IDP for authentication.
5. Authentication and Authorization: The IDP authenticates the user and provides an authentication response to IONOS, which includes the user's identity information and authorization attributes.
6. Access to Resources: IONOS Cloud then uses the authentication response to grant access to the requested resources, eliminating the need for the user to log in again to the DCD.
