| title | chunk | source | category | tags | date_saved | instance |
|---|---|---|---|---|---|---|
| Federated identity - Glossary \| MDN | 1/3 | https://developer.mozilla.org/en-US/docs/Glossary/Federated_identity | reference | web, html, css, javascript, documentation | 2026-05-05T05:31:15.281463+00:00 | kb-cron |

Federated identity

A federated identity system is one in which an identity provider (IdP) acts as an intermediary between users and relying parties, enabling a user to use a single set of credentials to authenticate with a number of different relying parties.

Traditionally, on the web, a user will sign into a website with a username and a password, and the password is verified by the website against a (properly hashed and salted) copy stored on the website's backend. In this model, if users have multiple accounts with different websites, they have to remember many passwords, and this encourages bad password practices such as using the same password for multiple accounts.

In a federated identity system, an identity provider:

- manages a user's credentials and can authenticate users
- is trusted by multiple websites to make assertions about a user's identity.

A user can then authenticate with the identity provider, which will return a token to the user's browser if authentication is successful. The user's browser will send the token to the website, which can verify that it was issued by the IdP. If the verification succeeds, the website can sign the user in.

Federated identity is often provided as a service by corporations: for example, users who have Google, Microsoft, or Facebook accounts can use them to sign in to many websites. Websites typically have to implement a process for verifying tokens that is specific to an identity provider. However, open standards such as OpenID, OAuth, and SAML are widely used in the implementation of federated identity systems.

Although federated identity makes logging into multiple different accounts much easier for users and can greatly improve security, it can have serious implications for a user's privacy. If not carefully designed, a federated identity system can allow identity providers to track users across the web as they sign into multiple different sites.

Early federated identity systems on the web were built on technologies such as third-party cookies, which are intrinsically privacy-invasive. As these technologies are being deprecated by browsers, new approaches are needed. The Federated Credential Management (FedCM) API provides a standardized privacy-preserving mechanism for federated identity on the web.
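
The token step described above (the IdP returns a token, and the website verifies that the IdP issued it) is sketched below as an added example that is not part of the MDN page. The token format, the function names `issueToken` and `verifyToken`, the example URLs, and the claim names (`iss`, `aud`, `sub`, `exp`, borrowed from JWT) are assumptions for illustration, not OpenID, OAuth, or SAML; the audience and expiry checks go beyond what the text mentions.

```javascript
// Added example: a constructed, simplified token format (not a real standard).
const crypto = require("node:crypto");

// IdP key pair. Relying parties only ever hold the public key.
const idpKeys = crypto.generateKeyPairSync("ed25519");
const b64u = (data) => Buffer.from(data).toString("base64url");

// IdP side: after authenticating the user, sign the claims.
function issueToken(privateKey, claims) {
  const payload = b64u(JSON.stringify(claims));
  const sig = crypto.sign(null, Buffer.from(payload), privateKey);
  return `${payload}.${b64u(sig)}`;
}

// Relying-party side: run every check before signing the user in.
function verifyToken(token, { publicKey, issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const [payload, sig] = parts;
  // 1. Signature first: nothing in the payload is trusted until this passes.
  const valid = crypto.verify(null, Buffer.from(payload), publicKey,
                              Buffer.from(sig, "base64url"));
  if (!valid) return { ok: false, reason: "bad signature" };
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // 2. Issued by the IdP this site trusts.
  if (claims.iss !== issuer) return { ok: false, reason: "wrong issuer" };
  // 3. Issued for this site, so a token obtained by another site cannot be replayed here.
  if (claims.aud !== audience) return { ok: false, reason: "wrong audience" };
  // 4. Still within its lifetime.
  if (typeof claims.exp !== "number" || claims.exp <= now) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, user: claims.sub };
}

// Constructed sample run: the IdP issues a token for shop.example, which verifies it.
const sample = issueToken(idpKeys.privateKey, {
  iss: "https://idp.example", aud: "https://shop.example",
  sub: "alice", exp: Math.floor(Date.now() / 1000) + 300,
});
console.log(verifyToken(sample, {
  publicKey: idpKeys.publicKey,
  issuer: "https://idp.example", audience: "https://shop.example",
}));
```
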
See also
- Related glossary terms:
- Federated Credential Management (FedCM) API