Federated identity (FID) is a generic term for establishing a person's digital identity by delegating to a trusted 3rd party as opposed to a centralized domain of trust. It refers to where the user stores their credentials.
The trusted 3rd party is the identity provider (IdP). When accessing a new service, you have probably been presented with Sign in with Facebook or Sign in with Google as an alternative to creating a new user account.
For you as a user, this means that you can use your existing account to sign in to multiple services - fewer passwords to remember.
For you as an administrator, this means that you can set up a SuperOffice account simply by linking it to the federated ID.
Federated identity is related to single sign-on (SSO), however, SSO only pertains to the authentication part of federated identity management.
How does it work?
When the user signs in to a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials. The user never provides credentials directly to anyone except for the identity provider.
Which identity providers do you support?
Today we support 2 different 3rd-party identity providers:
For other identity providers, please give your feedback, and we will look into adding support for it.
Do I set it for all or for individual users?
To use SuperID as the authentication method is enabled per site, and not per user. We do this by migrating the site to SuperID on request.
Whether users sign in with a password or via a federated sign-in service after you have enabled SuperID, depends on 2 things:
If you answer yes to both questions, the federated identity is used. Otherwise, SuperID falls back to password-based sign-in.
Some user can have federated sign-in, and some password - but all user accounts on the tenant are converted to SuperID.
Why should I use federated IDs?
It is easier for the user to sign in and it increases the security of your identity management solution.
Simplified sign-in: uses your existing Microsoft or Google credentials. No SuperOffice password required.
Automatic sign-in if you have an active browser session (if supported by the IdP!)
Multi-factor authentication (MFA) / Two-factor authentication (2FA) / Two-step verification (if supported by the IdP!)
Leaner identity management in the SuperOffice Admin client: entering the federated ID (UPN) will save you from typing in details.