Cross-platform single sign-on accessibility of a productivity application within a software as a service platform
Abstract
A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platform when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.
Claims
exact text as granted — not AI-modified1 . (canceled)
2 . A method for providing single sign-on access to a productivity application integrated within a cloud-based service, the method comprising:
receiving, by a proxy token service, a request from a computing system providing the cloud-based service, the request having been transmitted in response to the computing system authenticating a client device to access the cloud-based service, the request identifying an account of the productivity application; in response to determining that the account is not associated with a valid access token for the productivity application, redirecting the computing system to a directory service of the productivity application to provide authentication credentials associated with the account; and in response to determining that the authentication credentials associated with the account were provided to the directory service, providing the computing system with an access token to access the productivity application, the computing system using the access token to provide the client device with the productivity application integrated within the cloud-based service.
3 . The method of claim 2 , wherein determining that the account is not associated with the valid access token for the productivity application comprises:
searching a secure storage based on the account of the productivity application that is identified in the request.
4 . The method of claim 2 , wherein determining that the authentication credentials associated with the account were provided to the directory service comprises:
receiving an authorization code from the computing system, the authorization code having been provided to the computing system by the directory service in response to the authentication credentials associated with the account being provided to the directory service.
5 . The method of claim 4 , wherein providing the computing system with the access token to access the productivity application comprises:
transmitting the authorization code to the directory service to redeem the access token; and receiving the access token from the directory service.
6 . The method of claim 5 , further comprising:
storing the access token in a secure storage and associated the access token with the account of the productivity application.
7 . The method of claim 6 , further comprising:
receiving a subsequent request from the computing system providing the cloud-based service, the subsequent request identifying the account of the productivity application; accessing the access token by searching the secure storage based on the account of the productivity application that is identified in the subsequent request; and providing the computing system with the access token to access the productivity application.
8 . The method of claim 7 , wherein the subsequent request was transmitted in response to the computing system authenticating a second client device to access the cloud-based service the computing system and the computing system uses the access token to provide the second client device with the productivity application integrated within the cloud-based service.
9 . A proxy token service for providing single sign-on access to a productivity application integrated within a cloud-based service, the proxy token service comprising:
one or more computer processors; and one or more machine readable mediums storing instructions that, when executed by the one or more computer processors, cause the proxy token service to perform operations comprising: receiving a request from a computing system providing the cloud-based service, the request having been transmitted in response to the computing system authenticating a client device to access the cloud-based service, the request identifying an account of the productivity application; in response to determining that the account is not associated with a valid access token for the productivity application, redirecting the computing system to a directory service of the productivity application to provide authentication credentials associated with the account; and in response to determining that the authentication credentials associated with the account were provided to the directory service, providing the computing system with an access token to access the productivity application, the computing system using the access token to provide the client device with the productivity application integrated within the cloud-based service.
10 . The proxy token service of claim 9 , wherein determining that the account is not associated with the valid access token for the productivity application comprises:
searching a secure storage based on the account of the productivity application that is identified in the request.
11 . The proxy token service of claim 9 , wherein determining that the authentication credentials associated with the account were provided to the directory service comprises:
receiving an authorization code from the computing system, the authorization code having been provided to the computing system by the directory service in response to the authentication credentials associated with the account being provided to the directory service.
12 . The proxy token service of claim 11 , wherein providing the computing system with the access token to access the productivity application comprises:
transmitting the authorization code to the directory service to redeem the access token; and receiving the access token from the directory service.
13 . The proxy token service of claim 12 , the operations further comprising:
storing the access token in a secure storage and associated the access token with the account of the productivity application.
14 . The proxy token service of claim 13 , the operations further comprising:
receiving a subsequent request from the computing system providing the cloud-based service, the subsequent request identifying the account of the productivity application; accessing the access token by searching the secure storage based on the account of the productivity application that is identified in the subsequent request; and providing the computing system with the access token to access the productivity application.
15 . The proxy token service of claim 14 , wherein the subsequent request was transmitted in response to the computing system authenticating a second client device to access the cloud-based service the computing system and the computing system uses the access token to provide the second client device with the productivity application integrated within the cloud-based service.
16 . A machine readable medium storing instructions for providing single sign-on access to a productivity application integrated within a cloud-based service, the instructions, when executed by one or more computer processors of a proxy token service, causing the proxy token service to perform operations comprising:
receiving a request from a computing system providing the cloud-based service, the request having been transmitted in response to the computing system authenticating a client device to access the cloud-based service, the request identifying an account of the productivity application; in response to determining that the account is not associated with a valid access token for the productivity application, redirecting the computing system to a directory service of the productivity application to provide authentication credentials associated with the account; and in response to determining that the authentication credentials associated with the account were provided to the directory service, providing the computing system with an access token to access the productivity application, the computing system using the access token to provide the client device with the productivity application integrated within the cloud-based service.
17 . The machine readable medium of claim 16 , wherein determining that the account is not associated with the valid access token for the productivity application comprises:
searching a secure storage based on the account of the productivity application that is identified in the request.
18 . The machine readable medium of claim 16 , wherein determining that the authentication credentials associated with the account were provided to the directory service comprises:
receiving an authorization code from the computing system, the authorization code having been provided to the computing system by the directory service in response to the authentication credentials associated with the account being provided to the directory service.
19 . The machine readable medium of claim 18 , wherein providing the computing system with the access token to access the productivity application comprises:
transmitting the authorization code to the directory service to redeem the access token; and receiving the access token from the directory service.
20 . The machine readable medium of claim 19 , the operations further comprising:
storing the access token in a secure storage and associated the access token with the account of the productivity application; receiving a subsequent request from the computing system providing the cloud-based service, the subsequent request identifying the account of the productivity application; accessing the access token by searching the secure storage based on the account of the productivity application that is identified in the subsequent request; and providing the computing system with the access token to access the productivity application.
21 . The machine readable medium of claim 20 , wherein the subsequent request was transmitted in response to the computing system authenticating a second client device to access the cloud-based service the computing system and the computing system uses the access token to provide the second client device with the productivity application integrated within the cloud-based service.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.