A cloud-based single sign-on (SSO) system provides access to multiple independent software or network systems. For example, with a cloud-based SSO system, a user may log in at the cloud-based SSO system and gain access to the multiple but independent software or network systems without being prompted to log in again at each of the software or network systems.
The cloud-based SSO system may manage multiple identity services that each provide a type of authentication service or mechanism and/or are a source of information associated with authenticated users. For example, an identity service may provide an authentication service as well as attributes of users who have been authenticated by the authentication service. Once a user has been authenticated, the cloud-based SSO system may allow or authorize access to the software or network applications based on the user being authenticated against an identity service as well as information associated with the user provided by the identity service. For example, a user may be authorized to access an application based on a user attribute of the user that is stored at an identity service.
Policies may be assigned to the software or network applications based on the attributes of the users and/or the attributes may be transmitted to the software or network application. For example, an administrator of the cloud-based SSO system may define a policy that allows access to an application if a user attribute matches a condition of the policy.
Thus, the administrator of the cloud-based SSO system may be required to identify specific attributes of users from identity services for defining a policy. However, the identity services may store attributes of the users in different formats (e.g., different attribute names). Such disparate attribute information stored at different identity services may make the assigning of attributes to a policy or the transmitting of such attributes to applications complex and difficult.
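The mismatch described above, shown as an added example that is not part of the original text: one policy is evaluated against users from two identity services that name the same attribute differently, and an audit function lists the policy attributes each service never supplies. The service names, attribute names, users and functions are all hypothetical and constructed for illustration.

```python
"""Added example: one access policy evaluated against users from two identity
services that name the same attribute differently. All names are hypothetical."""

# Constructed sample: attribute names each identity service is assumed to supply.
SERVICE_SCHEMAS = {
    "corp-ldap": {"uid", "departmentNumber", "mail"},
    "partner-saml": {"NameID", "dept", "email"},
}

# Constructed sample users, both in the finance department.
USERS = [
    ("corp-ldap", {"uid": "alice", "departmentNumber": "finance"}),
    ("partner-saml", {"NameID": "bob", "dept": "finance"}),
]

# Policy written against the attribute name used by one service only.
FINANCE_APP_POLICY = {"departmentNumber": "finance"}


def evaluate(policy, attributes):
    """Allow only when every condition matches; a missing attribute or an
    empty policy denies (fail closed)."""
    if not policy:
        return False
    return all(attributes.get(name) == want for name, want in policy.items())


def decisions(policy, users):
    """Return {service: allowed} for each (service, attributes) pair."""
    return {service: evaluate(policy, attrs) for service, attrs in users}


def unresolvable(policy, schemas):
    """Audit: per identity service, the policy attribute names it never
    supplies. Users from those services can never satisfy the policy."""
    gaps = {}
    for service, names in schemas.items():
        missing = sorted(set(policy) - names)
        if missing:
            gaps[service] = missing
    return gaps


if __name__ == "__main__":
    print(decisions(FINANCE_APP_POLICY, USERS))
    print(unresolvable(FINANCE_APP_POLICY, SERVICE_SCHEMAS))
```

Both users are in the same department, yet only the one whose identity service happens to use the policy's attribute name is allowed; the audit output names the service for which the policy can never match.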