IA-13 Identity Providers and Authorization Servers
Employ identity providers and authorization servers to manage user, device, and non-person entity (NPE) identities, attributes, and access rights supporting authentication and authorization decisions in accordance with ia-13_odp.01 using ia-13_odp.02.
| Parameter ID | Definition |
|---|---|
| ia-13_odp.01 | policy |
| ia-13_odp.02 | mechanisms |
Baselines
- L
- M
- H
- P
Guidance
Identity providers, both internal and external to the organization, manage the user, device, and NPE authenticators and issue statements, often called identity assertions, that attest to those identities for other systems or system components. Authorization servers create and issue, to identified and authenticated users and devices, access tokens that can be used to gain access to system or information resources. For example, single sign-on (SSO) provides both identity provider and authorization server functions. Authenticator management (including credential management) is covered by IA-05.
Control Enhancements (3)
- IA-13(01) Protection of Cryptographic Keys L M H P
- IA-13(02) Verification of Identity Assertions and Access Tokens L M H P
- IA-13(03) Token Management L M H P
Related Controls (6)
- AC-03 Access Enforcement L M H P
- IA-02 Identification and Authentication (Organizational Users) L M H P
- IA-03 Device Identification and Authentication L M H P
- IA-08 Identification and Authentication (Non-organizational Users) L M H P
- IA-09 Service Identification and Authentication L M H P
- IA-12 Identity Proofing L M H P