Federated identity management (FIM) is an arrangement that can be made among multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all enterprises in the group. The use of such a system is sometimes called identity federation.
Identity federation links a user's identity across multiple security domains, each supporting its own identity management system. When two domains are federated, the user can authenticate to one domain, and then access resources in the other domain without having to log in a second time.
Identity federation offers economic advantages, as well as convenience, to enterprises and their network subscribers. For example, multiple corporations can share a single application, with resultant cost savings and consolidation of resources. Single sign-on (SSO) is an important component of identity federation, but it is not the same as identity federation.
For FIM to work, the partners must have an established relationship of mutual trust: each domain has to know in advance which other domains it will accept identity claims from, and how to verify that those claims are genuine. Authorization messages among partners in an FIM system can be transmitted using Security Assertion Markup Language (SAML) or a similar XML standard that allows a user to log on once for affiliated but separate websites or networks.
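The flow described above (authenticate once in one domain, present a signed assertion to a second domain, access granted without a second login) and the trust checks the relying domain has to perform are shown in the following added example. It is illustration written for this page, not code from the article or from any SAML implementation: the identity provider and service provider names, the user account, the signing key and the JSON-over-HMAC assertion format are all constructed stand-ins. Real federations exchange XML assertions with XML digital signatures (or signed JWTs in OIDC), but the checks that make the trust relationship meaningful are the same ones modelled here: known issuer, valid signature, intended audience, validity window.

```python
"""Federated single sign-on between two security domains (constructed example)."""
import base64
import hashlib
import hmac
import json
import os
import time
from dataclasses import dataclass, field


def _b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def _b64url_decode(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


@dataclass
class IdentityProvider:
    """Domain A: holds the user accounts, authenticates users, issues assertions."""
    entity_id: str
    signing_key: bytes
    accounts: dict = field(default_factory=dict)  # username -> (salt, pbkdf2 hash)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.accounts[username] = (salt, digest)

    def authenticate(self, username: str, password: str) -> bool:
        record = self.accounts.get(username)
        if record is None:
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)

    def single_sign_on(self, username: str, password: str, audience: str,
                       now: float, ttl: int = 300):
        """The one real login. Returns a signed assertion, or None if auth fails."""
        if not self.authenticate(username, password):
            return None
        payload = {"issuer": self.entity_id, "subject": username, "audience": audience,
                   "not_before": now, "not_on_or_after": now + ttl}
        body = _b64url(json.dumps(payload, sort_keys=True).encode())
        sig = hmac.new(self.signing_key, body, hashlib.sha256).digest()
        return body + b"." + _b64url(sig)


@dataclass
class ServiceProvider:
    """Domain B: has no user database; relies on assertions from federated IdPs."""
    entity_id: str
    trusted_issuers: dict  # issuer entity_id -> verification key, agreed out of band

    def accept_assertion(self, token: bytes, now: float):
        """Return (True, subject) when the assertion is acceptable, else (False, reason)."""
        try:
            body, sig_b64 = token.split(b".", 1)
            payload = json.loads(_b64url_decode(body))
            sig = _b64url_decode(sig_b64)
        except ValueError:
            return False, "malformed assertion"
        if not isinstance(payload, dict):
            return False, "malformed assertion"
        key = self.trusted_issuers.get(payload.get("issuer"))  # trust is explicit, per issuer
        if key is None:
            return False, "untrusted issuer"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):  # verify before trusting any claim
            return False, "bad signature"
        if payload.get("audience") != self.entity_id:
            return False, "assertion not intended for this domain"
        if not (payload.get("not_before", 0) <= now < payload.get("not_on_or_after", 0)):
            return False, "assertion outside its validity window"
        return True, payload.get("subject")


def run_demo(now: float = 1_700_000_000.0) -> dict:
    """Walk the federation scenario once and return every outcome by name."""
    key_a = os.urandom(32)
    idp = IdentityProvider("https://idp.example-a.test", key_a)  # constructed names
    idp.register("alice", "correct horse battery staple")
    sp = ServiceProvider("https://app.example-b.test", {idp.entity_id: key_a})
    outsider = IdentityProvider("https://idp.not-federated.test", os.urandom(32))
    outsider.register("alice", "anything")

    r = {}
    r["wrong_password"] = idp.single_sign_on("alice", "wrong", sp.entity_id, now)
    token = idp.single_sign_on("alice", "correct horse battery staple", sp.entity_id, now)
    r["federated_login"] = sp.accept_assertion(token, now)      # no second login at B
    r["expired"] = sp.accept_assertion(token, now + 600)        # replayed after its window
    other = idp.single_sign_on("alice", "correct horse battery staple", "https://other.test", now)
    r["wrong_audience"] = sp.accept_assertion(other, now)       # minted for another domain
    r["untrusted_issuer"] = sp.accept_assertion(
        outsider.single_sign_on("alice", "anything", sp.entity_id, now), now)
    body, sig = token.split(b".", 1)                            # claim altered after signing
    payload = json.loads(_b64url_decode(body))
    payload["subject"] = "someone-else"
    r["tampered"] = sp.accept_assertion(
        _b64url(json.dumps(payload, sort_keys=True).encode()) + b"." + sig, now)
    return r


if __name__ == "__main__":
    for name, outcome in run_demo(time.time()).items():
        print(f"{name:>17}: {outcome}")
```

The point the example makes about the trust relationship is that the service provider never sees a password and never consults a user directory; its only basis for granting access is a key it has agreed in advance to associate with a named issuer. Anything signed by a party outside that list, or signed correctly but addressed to a different domain or presented outside its validity window, is refused.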