Methods, systems, and computer program products for authenticating an entity through use of a global identity of the entity that serves as a proxy for one or more local identities of the entity
US-9241003-B2 · Jan 19, 2016 · US
Directory service user synchronization
US11310213B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11310213-B2 |
| Application number | US-201615057490-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 1, 2016 |
| Priority date | Sep 11, 2015 |
| Publication date | Apr 19, 2022 |
| Grant date | Apr 19, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Disclosed are various examples for enrolling a client device and synchronizing user attributes for the client device across multiple directory services. A search request for user attributes can be sent to a first directory service with an identifier for a user account. The first directory service can query for the identifier and send back user attributes. If a global identifier is included in the attributes, another search request for user attributes can be sent to a second directory service with the global identifier. The second directory service can query for the global identifier and send back user attributes.
First claim
Opening claim text (preview).
Therefore, the following is claimed: 1. A method, comprising: in an instance in which a user account comprising an identifier is detected as omitted from a list of managed users managed by a management service, searching a first directory service for a plurality of first user attributes based at least in part on the identifier; receiving the plurality of first user attributes from the first directory service; determining that the plurality of first user attributes includes a global identifier; searching a second directory service for a plurality of second user attributes based at least in part on the global identifier; receiving the plurality of second user attributes from the second directory service; and enrolling a client device in the management service, the management service configured to enforce at least one compliance rule based on the user account being assigned to a group based on one of the plurality of second user attributes. 2. The method of claim 1 , further comprising receiving an authentication confirmation comprising the identifier from the client device, the client device being associated with the user account. 3. The method of claim 2 , further comprising updating a plurality of user properties corresponding to the user account based at least in part on at least one of: the plurality of first user attributes or the plurality of second user attributes. 4. The method of claim 3 , further comprising scheduling a periodic query of the first directory service and the second directory service for changes to the user account, wherein updating the plurality of user properties corresponding to the user account occurs in response to the periodic query. 5. The method of claim 1 , wherein the global identifier is an immutable identifier. 6. The method of claim 1 , further comprising: detecting a conflict between the plurality of first user attributes and the plurality of second user attributes; and resolving the conflict based at least in part on a last modified timestamp associated with a conflicting set of user attributes. 7. A non-transitory computer-readable medium embodying a program that, when executed by at least one computing device, causes the at least one computing device to at least: in an instance in which a user account comprising an identifier is detected as omitted from a list of managed users managed by a management service, search a first directory service for a plurality of first user attributes based at least in part on the identifier; receive the plurality of first user attributes from the first directory service; determine that the plurality of first user attributes includes a global identifier; searching a second directory service for a plurality of second user attributes based at least in part on the global identifier; receive the plurality of second user attributes from the second directory service; and enroll a client device in the management service, the management service configured to enforce at least one compliance rule based on the user account being assigned to a group based on one of the plurality of second user attributes. 8. The non-transitory computer-readable medium of claim 7 , wherein the program further causes the at least one computing device to at least receive an authentication confirmation comprising the identifier from the client device, the client device being associated with the user account. 9. The non-transitory computer-readable medium of claim 8 , wherein the program further causes the at least one computing device to at least update a plurality of user properties corresponding to the user account based at least in part on at least one of: the plurality of first user attributes or the plurality of second user attributes. 10. The non-transitory computer-readable medium of claim 9 , wherein the program further causes the at least one computing device to at least schedule a periodic query of the first directory service and the second directory service for changes to the user account, wherein updating the plurality of user properties corresponding to the user account occurs in response to the periodic query. 11. The non-transitory computer-readable medium of claim 7 , wherein the global identifier is an immutable identifier. 12. The non-transitory computer-readable medium of claim 8 , wherein the program further causes the at least one computing device to at least: detect a conflict between the plurality of first user attributes and the plurality of second user attributes; and resolve the conflict based at least in part on a last modified timestamp associated with a conflicting set of user attributes. 13. A system, comprising: a data store; at least one computing device in communication with the data store, the at least one computing device being configured to at least: in an instance in which a user account comprising an identifier is detected as omitted from a list of managed users managed by a management service, search a first directory service for a plurality of first user attributes based at least in part on the identifier; receive the plurality of first user attributes from the first directory service; determine that the plurality of first user attributes includes a global identifier; search a second directory service for a plurality of second user attributes based at least in part on the global identifier; receive the plurality of second user attributes from the second directory service; and enroll a client device in the management service, the management service configured to enforce at least one compliance rule based on the user account being assigned to a group based on one of the plurality of second user attributes. 14. The system of claim 13 , wherein the at least one computing device is further configured to at least receive an authentication confirmation comprising the identifier from the client device, the client device being associated with the user account. 15. The system of claim 14 , wherein the at least one computing device is further configured to at least update a plurality of user properties corresponding to the user account based at least in part on at least one of: the plurality of first user attributes or the plurality of second user attributes. 16. The system of claim 15 , wherein the at least one computing device is further configured to at least schedule a periodic query of the first directory service and the second directory service for changes to the user account, wherein updating the plurality of user properties corresponding to the user account occurs in response to the periodic query. 17. The system of claim 13 , wherein the global identifier is an immutable identifier. 18. The method of claim 1 , wherein the identifier comprises at least one of: an object ID and a User Principal Name. 19. The non-transitory computer-readable medium of claim 7 , wherein the identifier comprises at least one of: an object ID and a User Principal Name. 20. The system of claim 13 , wherein the identifier comprises at least one of: an object ID and a User Principal Name.
Assignees
Inventors
Classifications
Group management mechanisms (management of multicast group membership H04L12/185; reconfiguring of node membership in a computing system to eliminate errors G06F11/1425) · CPC title
- H04L63/08Primary
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
User profiles · CPC title
Entity profiles · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11310213B2 cover?
- Disclosed are various examples for enrolling a client device and synchronizing user attributes for the client device across multiple directory services. A search request for user attributes can be sent to a first directory service with an identifier for a user account. The first directory service can query for the identifier and send back user attributes. If a global identifier is included in t…
- Who is the assignee on this patent?
- Airwatch Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Apr 19 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).