Organizations, such as companies and other enterprises, often network their computing devices to communicate with each other and with computing devices outside of the organization. Network directories, also referred to simply as “directories,” are specialized collections of information about devices, applications, people and other common objects of computer networks. Organizations with computing networks typically use directories to efficiently locate, organize, administer and otherwise manage the network resources. For example, a user may be added to a directory and associated with particular credentials. Thereafter, the user may be authenticated by comparing user-supplied credentials (e.g., obtained during a login procedure) to those in the directory. Information about what the user is authorized to do may then be retrieved from the directory. As another example, individual computers, printers and other devices that are part of a network environment may be listed in a directory, and applications or users may look up a list of available devices in the directory and obtain information for accessing them (e.g., names, addresses, etc.).
Some network-based service providers (e.g., providers of “cloud-based” services to external customers, such as file storage and backup, messaging, social networking, and the like) maintain their own directories and use those directories in part to provide authentication services to third party applications and services. Customers and other users create accounts with the network-based service providers and obtain user credentials. Users can then log onto various third party applications and services using the credentials associated with the network-based service provider, and the network-based service provider can authenticate the user without exposing the user's secure information (e.g., password) to the third party applications and services.