Some prior user authentication solutions require account credentials that are combinations of a user-furnished password or personal identification number (PIN) and a generated security token. Some existing authentication solutions rely on smart cards or hardware tokens stored on a dedicated storage device. Such solutions typically require a dedicated authentication server, which must be synchronized with the hardware tokens in order to generate time-synchronized one-time passwords or synchronous dynamic password tokens.
Traditional approaches to authenticating users employ Single sign-on (SSO) techniques and/or directory services accessed using the Lightweight Directory Access Protocol (LDAP). SSO requires centralized, dedicated authentication servers that all applications and computing devices in an environment must use for authentication. Because different resources and applications require different authentication protocols and mechanisms, SSO systems must internally translate and store credentials differing from credentials used for initial user authentication. Due to their complexity and requirements for dedicated servers and proprietary software, directory services and SSO systems are often expensive to implement and maintain.
Group membership is typically based on a system administrator explicitly adding users to groups. Traditional group management techniques rely on manual steps and processes for adding users to groups. Such techniques require significant resources from webmasters, and/or other information (IT) technology personnel such as system, database, and/or network administrators. Some prior group management solutions map users to groups statically through use of pre-determined configuration files. Such static mappings are done a priori and cannot dynamically map users to groups at runtime based on an email address or an organization determined when users log in. Existing group management solutions create new users when users log in for the first time and then manually add new users to groups. Some of these solutions initiate a work flow every time a new user logs in. The work flow requires manual steps of checking the user's information and explicitly adding the new user to a specific group after inspecting the information. Such prior solutions do not provide automated, implicit, runtime assignment of a user to a group based on the user's email address and/or information retrieved from a third party.