Federated identity allows a user’s identity verified by one organization to be trusted and accepted by other organizations without requiring separate credentials for each. When you log into a third-party application using your Google or Microsoft account, federation is in action.
SAML, OAuth, and OpenID Connect are the protocols that make federation work. Enterprise federation lets employees use corporate credentials to access SaaS applications, partner portals, and cloud services without managing dozens of separate accounts.
CISSP Relevance
Federated identity is a key concept in Domain 5 (Identity and Access Management). CISSP candidates must understand federation protocols, trust relationships between identity providers and service providers, and how federation supports both usability and security in multi-organization environments.
External reference: NIST SP 800-63 Digital Identity Guidelines
Related terms: Single Sign-On, Authentication