System and method for describing and visualizing allowed, denied, chained and effective access to a system

US12598188B2 · US · B2

Patent metadata

Publication number: US-12598188-B2
Application number: US-202318326705-A
Country: US
Kind code: B2
Filing date: May 31, 2023
Priority date: May 31, 2023
Publication date: Apr 7, 2026
Grant date: Apr 7, 2026

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods are disclosed relating to identity governance and privileged access control in a distributed networked computing environment for cloud based computing services. Embodiments disclosed include a logical model developed to describe the effective access of multiple cloud service providers (CSPs), each of which may be based on different access systems. The resulting system can then provide a singular experience across all CSPs used by users, giving users a clear picture of how access is achieved.

Claims

Full claim text for this publication (all 20 claims; claims 1, 8 and 15 are independent).

What is claimed is:

1. An identity management system, comprising: a processor; a non-transitory, computer-readable storage medium, including computer instructions for: obtaining identity management data from a plurality of different cloud service providers, the identity management data from each respective cloud service provider comprising data relating to rights and permissions associated with users of the respective cloud service provider, wherein the identity management data from a respective cloud service provider uses different terminology and a different data model than other of the different cloud service providers; for each of the plurality of cloud service providers, normalizing the identity management data of the respective cloud service provider to match normalized terminology used by each of the plurality of cloud service providers; for each of the plurality of cloud service providers, evaluating the respective normalized identity management data to determine rights of users and groups associated with the respective cloud service provider; applying the determined rights of the plurality of cloud service providers to an access model to determine federated rights of users and groups across the plurality of different cloud service providers; and presenting over a graphical user interface a graphical representation of the federated rights of a user across the plurality of cloud service providers.

2. The identity management system of claim 1, wherein at least one of the plurality of cloud service providers implements role-based access control.

3. The identity management system of claim 1, wherein at least one of the plurality of cloud service providers implements attribute-based access control.

4. The identity management system of claim 1, wherein the identity management data for a given cloud service provider specifies a collection of permissions and actions that a given user is allowed to take.

5. The identity management system of claim 1, wherein the identity management data for a given cloud service provider specifies a set of resources to which a given user has access.

6. The identity management system of claim 1, wherein the identity management data for a given cloud service provider specifies one or more groups to which a given user is associated.

7. The identity management system of claim 1, wherein the graphical representation illustrates when a given user is allowed to assume a role.

8. A method, comprising: obtaining identity management data from a plurality of different cloud service providers, the identity management data from each respective cloud service provider comprising data relating to rights and permissions associated with users of the respective cloud service provider, wherein the identity management data from a respective cloud service provider uses different terminology and a different data model than other of the different cloud service providers; for each of the plurality of cloud service providers, normalizing the identity management data of the respective cloud service provider to match normalized terminology used by each of the plurality of cloud service providers; for each of the plurality of cloud service providers, evaluating the respective normalized identity management data to determine rights of users and groups associated with the respective cloud service provider; applying the determined rights of the plurality of cloud service providers to an access model to determine federated rights of users and groups across the plurality of different cloud service providers; and presenting over a graphical user interface a graphical representation of the federated rights of a user across the plurality of cloud service providers.

9. The method of claim 8, wherein at least one of the plurality of cloud service providers implements role-based access control.

10. The method of claim 8, wherein at least one of the plurality of cloud service providers implements attribute-based access control.

11. The method of claim 8, wherein the identity management data for a given cloud service provider specifies a collection of permissions and actions that a given user is allowed to take.

12. The method of claim 8, wherein the identity management data for a given cloud service provider specifies a set of resources to which a given user has access.

13. The method of claim 8, wherein the identity management data for a given cloud service provider specifies one or more groups to which a given user is associated.

14. The method of claim 8, wherein the graphical representation illustrates when a given user is allowed to assume a role.

15. A non-transitory computer readable medium, comprising instructions for: obtaining identity management data from a plurality of different cloud service providers, the identity management data from each respective cloud service provider comprising data relating to rights and permissions associated with users of the respective cloud service provider, wherein the identity management data from a respective cloud service provider uses different terminology and a different data model than other of the different cloud service providers; for each of the plurality of cloud service providers, normalizing the identity management data of the respective cloud service provider to match normalized terminology used by each of the plurality of cloud service providers; for each of the plurality of cloud service providers, evaluating the respective normalized identity management data to determine rights of users and groups associated with the respective cloud service provider; applying the determined rights of the plurality of cloud service providers to an access model to determine federated rights of users and groups across the plurality of different cloud service providers; and presenting over a graphical user interface a graphical representation of the federated rights of a user across the plurality of cloud service providers.

16. The non-transitory computer readable medium of claim 15, wherein at least one of the plurality of cloud service providers implements role-based access control.

17. The non-transitory computer readable medium of claim 15, wherein at least one of the plurality of cloud service providers implements attribute-based access control.

18. The non-transitory computer readable medium of claim 15, wherein the identity management data for a given cloud service provider specifies a collection of permissions and actions that a given user is allowed to take.

19. The non-transitory computer readable medium of claim 15, wherein the identity management data for a given cloud service provider specifies a set of resources to which a given user has access.

20. The non-transitory computer readable medium of claim 15, wherein the identity management data for a given cloud service provider specifies one or more groups to which a given user is associated.
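The independent claims describe a five-step pipeline: obtain identity data from several providers that use different terminology, normalize it to a shared vocabulary, evaluate per-provider rights of users and groups, apply those rights to an access model to get federated rights, and present how each right is reached. The Python below is an added illustration of that pipeline; it is not SailPoint's code and the page does not publish the patent's actual access model. The two provider exports, the action vocabulary, the identity mapping, and the evaluation rule (deny overrides allow within one security context, assuming a role starts a new context) are all constructed assumptions for the example. It also covers the claim 7 / 14 case, showing a right that is denied directly but reachable by assuming a role.

```python
from dataclasses import dataclass

# Shared action vocabulary: each provider's own verb maps onto one normalized term (constructed).
ACTION_MAP = {
    "storage:Read": "storage.read", "storage:Delete": "storage.delete",   # provider A terms
    "Storage/Read": "storage.read", "Storage/Delete": "storage.delete",   # provider B terms
}

@dataclass(frozen=True)
class Grant:
    principal: str   # normalized principal id: user:/group:/role:<name>
    effect: str      # "allow" or "deny"
    action: str      # normalized action
    resource: str
    source: str      # policy or role definition the statement came from

# Constructed sample exports (not real CSP API output). Provider A attaches policy documents
# to users and roles and lets users assume roles; provider B binds role definitions with
# allowed/forbidden operation lists to groups that principals belong to.
PROVIDER_A = {
    "users": {"alice": {"policies": ["dev-policy"], "assumable_roles": ["admin-role"]}},
    "roles": {"admin-role": {"policies": ["admin-policy"]}},
    "policies": {
        "dev-policy": [{"Effect": "Allow", "Action": "storage:Read", "Resource": "bucket/logs"},
                       {"Effect": "Deny", "Action": "storage:Delete", "Resource": "bucket/logs"}],
        "admin-policy": [{"Effect": "Allow", "Action": "storage:Delete", "Resource": "bucket/logs"}],
    },
}
PROVIDER_B = {
    "principals": {"alice@example.com": {"memberOf": ["Ops"]}},
    "groups": {"Ops": {"roleBindings": ["Reader"]}},
    "roleDefinitions": {"Reader": {"allowed": ["Storage/Read"], "forbidden": ["Storage/Delete"],
                                   "scope": "container/logs"}},
}
# Ties provider-local accounts to one federated identity (constructed).
IDENTITY_MAP = {("A", "user:alice"): "alice", ("B", "user:alice@example.com"): "alice"}

def normalize_a(export):
    """Provider A data model -> (normalized grants, edges). Edges record role assumption."""
    grants, edges = [], {}
    def emit(principal, policy_names):
        for name in policy_names:
            for st in export["policies"][name]:
                grants.append(Grant(principal, st["Effect"].lower(), ACTION_MAP[st["Action"]],
                                    st["Resource"], f"policy:{name}"))
    for user, spec in export["users"].items():
        emit(f"user:{user}", spec["policies"])
        edges[f"user:{user}"] = [("assume", f"role:{r}") for r in spec.get("assumable_roles", [])]
    for role, spec in export["roles"].items():
        emit(f"role:{role}", spec["policies"])
    return grants, edges

def normalize_b(export):
    """Provider B data model -> (normalized grants, edges). Edges record group membership."""
    grants, edges = [], {}
    for group, spec in export["groups"].items():
        for name in spec["roleBindings"]:
            rd = export["roleDefinitions"][name]
            for op in rd["allowed"]:
                grants.append(Grant(f"group:{group}", "allow", ACTION_MAP[op], rd["scope"], f"role:{name}"))
            for op in rd["forbidden"]:
                grants.append(Grant(f"group:{group}", "deny", ACTION_MAP[op], rd["scope"], f"role:{name}"))
    for principal, spec in export["principals"].items():
        edges[f"user:{principal}"] = [("member", f"group:{g}") for g in spec["memberOf"]]
    return grants, edges

def evaluate(grants, edges, user):
    """Walk membership/assumption edges from `user`; return (allowed, denied, effective), each a
    dict (action, resource) -> chain of how the right is reached. Deny overrides allow inside one
    security context; an "assume" edge opens a new context (example's assumption, not the patent's)."""
    by_principal = {}
    for g in grants:
        by_principal.setdefault(g.principal, []).append(g)
    contexts = {}                      # context principal -> {"allow": {key: chain}, "deny": {key: chain}}
    seen, stack = {user}, [(user, (user,), user)]
    while stack:
        node, chain, context = stack.pop()
        ctx = contexts.setdefault(context, {"allow": {}, "deny": {}})
        for g in by_principal.get(node, []):
            ctx[g.effect].setdefault((g.action, g.resource), chain + (g.source,))
        for kind, nxt in edges.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                stack.append((nxt, chain + (f"{kind}->{nxt}",), nxt if kind == "assume" else context))
    allowed, denied, effective = {}, {}, {}
    for ctx in contexts.values():
        for key, chain in ctx["allow"].items():
            allowed.setdefault(key, chain)
            if key not in ctx["deny"]:
                effective.setdefault(key, chain)
        for key, chain in ctx["deny"].items():
            denied.setdefault(key, chain)
    return allowed, denied, effective

def federate(exports):
    """exports: {provider: (grants, edges)} -> {federated id: {provider: {allowed, denied, effective}}}."""
    view = {}
    for (provider, local_user), fed_id in IDENTITY_MAP.items():
        allowed, denied, effective = evaluate(*exports[provider], local_user)
        view.setdefault(fed_id, {})[provider] = {"allowed": allowed, "denied": denied, "effective": effective}
    return view

def render(view, fed_id):
    """Text stand-in for the claimed graphical representation: one line per right with its chain."""
    lines = []
    for provider, rights in sorted(view[fed_id].items()):
        for label in ("allowed", "denied", "effective"):
            for (action, resource), chain in sorted(rights[label].items()):
                lines.append(f"{provider} {label:9} {action:15} {resource:15} via {' / '.join(chain)}")
    return lines

if __name__ == "__main__":
    print("\n".join(render(federate({"A": normalize_a(PROVIDER_A), "B": normalize_b(PROVIDER_B)}), "alice")))
```

For provider A the rendered view shows `storage.delete` on `bucket/logs` as both denied (directly, via dev-policy) and effective (via assume->role:admin-role / policy:admin-policy), which is exactly the chained access a reviewer would otherwise miss by reading the user's own policy alone; for provider B the same operation is simply denied through the group's role binding.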

Assignees

Sailpoint Tech Inc

Inventors

Classifications

  • H04L41/22 (Primary)

    comprising specially adapted graphical user interfaces [GUI] · CPC title

  • H04L63/102 (Primary)

    Entity profiles · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12598188B2 cover?
Systems and methods are disclosed relating to identity governance and privileged access control in a distributed networked computing environment for cloud based computing services. Embodiments disclosed include a logical model developed to describe the effective access of multiple cloud service providers (CSPs), each of which may be based on different access systems. The resulting system can then provide a singular experience across all CSPs used by users, giving users a clear picture of how access is achieved.
Who is the assignee on this patent?
Sailpoint Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/22. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Apr 7, 2026 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).