US2021385207A1PendingUtilityA1

Cross-platform single sign-on accessibility of a productivity application within a software as a service platform

55
Assignee: MICROSOFT TECHNOLOGY LICENSING LLCPriority: Sep 9, 2016Filed: Aug 11, 2021Published: Dec 9, 2021
Est. expirySep 9, 2036(~10.2 yrs left)· nominal 20-yr term from priority
H04L 63/0815H04L 63/0884H04L 63/0807G06Q 10/10
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platform when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A method for providing single sign-on access to a productivity application integrated within a cloud-based service, the method comprising:
 receiving, by a proxy token service, a request from a computing system providing the cloud-based service, the request having been transmitted in response to the computing system authenticating a client device to access the cloud-based service, the request identifying an account of the productivity application;   in response to determining that the account is not associated with a valid access token for the productivity application, redirecting the computing system to a directory service of the productivity application to provide authentication credentials associated with the account; and   in response to determining that the authentication credentials associated with the account were provided to the directory service, providing the computing system with an access token to access the productivity application, the computing system using the access token to provide the client device with the productivity application integrated within the cloud-based service.   
     
     
         3 . The method of  claim 2 , wherein determining that the account is not associated with the valid access token for the productivity application comprises:
 searching a secure storage based on the account of the productivity application that is identified in the request.   
     
     
         4 . The method of  claim 2 , wherein determining that the authentication credentials associated with the account were provided to the directory service comprises:
 receiving an authorization code from the computing system, the authorization code having been provided to the computing system by the directory service in response to the authentication credentials associated with the account being provided to the directory service.   
     
     
         5 . The method of  claim 4 , wherein providing the computing system with the access token to access the productivity application comprises:
 transmitting the authorization code to the directory service to redeem the access token; and   receiving the access token from the directory service.   
     
     
         6 . The method of  claim 5 , further comprising:
 storing the access token in a secure storage and associated the access token with the account of the productivity application.   
     
     
         7 . The method of  claim 6 , further comprising:
 receiving a subsequent request from the computing system providing the cloud-based service, the subsequent request identifying the account of the productivity application;   accessing the access token by searching the secure storage based on the account of the productivity application that is identified in the subsequent request; and   providing the computing system with the access token to access the productivity application.   
     
     
         8 . The method of  claim 7 , wherein the subsequent request was transmitted in response to the computing system authenticating a second client device to access the cloud-based service the computing system and the computing system uses the access token to provide the second client device with the productivity application integrated within the cloud-based service. 
     
     
         9 . A proxy token service for providing single sign-on access to a productivity application integrated within a cloud-based service, the proxy token service comprising:
 one or more computer processors; and   one or more machine readable mediums storing instructions that, when executed by the one or more computer processors, cause the proxy token service to perform operations comprising:   receiving a request from a computing system providing the cloud-based service, the request having been transmitted in response to the computing system authenticating a client device to access the cloud-based service, the request identifying an account of the productivity application;   in response to determining that the account is not associated with a valid access token for the productivity application, redirecting the computing system to a directory service of the productivity application to provide authentication credentials associated with the account; and   in response to determining that the authentication credentials associated with the account were provided to the directory service, providing the computing system with an access token to access the productivity application, the computing system using the access token to provide the client device with the productivity application integrated within the cloud-based service.   
     
     
         10 . The proxy token service of  claim 9 , wherein determining that the account is not associated with the valid access token for the productivity application comprises:
 searching a secure storage based on the account of the productivity application that is identified in the request.   
     
     
         11 . The proxy token service of  claim 9 , wherein determining that the authentication credentials associated with the account were provided to the directory service comprises:
 receiving an authorization code from the computing system, the authorization code having been provided to the computing system by the directory service in response to the authentication credentials associated with the account being provided to the directory service.   
     
     
         12 . The proxy token service of  claim 11 , wherein providing the computing system with the access token to access the productivity application comprises:
 transmitting the authorization code to the directory service to redeem the access token; and   receiving the access token from the directory service.   
     
     
         13 . The proxy token service of  claim 12 , the operations further comprising:
 storing the access token in a secure storage and associated the access token with the account of the productivity application.   
     
     
         14 . The proxy token service of  claim 13 , the operations further comprising:
 receiving a subsequent request from the computing system providing the cloud-based service, the subsequent request identifying the account of the productivity application;   accessing the access token by searching the secure storage based on the account of the productivity application that is identified in the subsequent request; and   providing the computing system with the access token to access the productivity application.   
     
     
         15 . The proxy token service of  claim 14 , wherein the subsequent request was transmitted in response to the computing system authenticating a second client device to access the cloud-based service the computing system and the computing system uses the access token to provide the second client device with the productivity application integrated within the cloud-based service. 
     
     
         16 . A machine readable medium storing instructions for providing single sign-on access to a productivity application integrated within a cloud-based service, the instructions, when executed by one or more computer processors of a proxy token service, causing the proxy token service to perform operations comprising:
 receiving a request from a computing system providing the cloud-based service, the request having been transmitted in response to the computing system authenticating a client device to access the cloud-based service, the request identifying an account of the productivity application;   in response to determining that the account is not associated with a valid access token for the productivity application, redirecting the computing system to a directory service of the productivity application to provide authentication credentials associated with the account; and   in response to determining that the authentication credentials associated with the account were provided to the directory service, providing the computing system with an access token to access the productivity application, the computing system using the access token to provide the client device with the productivity application integrated within the cloud-based service.   
     
     
         17 . The machine readable medium of  claim 16 , wherein determining that the account is not associated with the valid access token for the productivity application comprises:
 searching a secure storage based on the account of the productivity application that is identified in the request.   
     
     
         18 . The machine readable medium of  claim 16 , wherein determining that the authentication credentials associated with the account were provided to the directory service comprises:
 receiving an authorization code from the computing system, the authorization code having been provided to the computing system by the directory service in response to the authentication credentials associated with the account being provided to the directory service.   
     
     
         19 . The machine readable medium of  claim 18 , wherein providing the computing system with the access token to access the productivity application comprises:
 transmitting the authorization code to the directory service to redeem the access token; and   receiving the access token from the directory service.   
     
     
         20 . The machine readable medium of  claim 19 , the operations further comprising:
 storing the access token in a secure storage and associated the access token with the account of the productivity application;   receiving a subsequent request from the computing system providing the cloud-based service, the subsequent request identifying the account of the productivity application;   accessing the access token by searching the secure storage based on the account of the productivity application that is identified in the subsequent request; and   providing the computing system with the access token to access the productivity application.   
     
     
         21 . The machine readable medium of  claim 20 , wherein the subsequent request was transmitted in response to the computing system authenticating a second client device to access the cloud-based service the computing system and the computing system uses the access token to provide the second client device with the productivity application integrated within the cloud-based service.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.