The present invention relates generally to user authentication, and more particularly to limiting access to authorized users.
Many organizations use a Security Assertion Markup Language (SAML) federated login to authenticate a user when the user logs in to the organization system. A common identifier used by an organization for authentication is the user email address associated with each user. The user may be able to log in to another application or a third party server through an access portal on the organization system. The organization system transmits the user email address to the other application or the third party server as a means to authenticate the identity of the user. However, within most organizations a system administrator and/or a department administrator is able to access and edit a database within the organization that contains the user email address that is sent for user authentication. In this situation, a user may be impersonated by a person who has access to the database and is able to change the user email address associated with a user.