Abstract: A multi-tenant computing system provides services to a number of different tenant organizations. To address the problem of failure of portions of the system, the hardware infrastructure of the system is located at a number of different geographical locations. The various tenants are assigned to one of a set of “cells,” each cell corresponding to one of the geographical locations. Additionally, each cell has another one of the cells assigned to it as a backup cell, and the data of each cell is replicated within its assigned backup cell. At system run time, if a failure is detected within one of the cells, the network redirection is used within the multi-tenant system to reflect that the backup cell for the failing cell is now handling requests for the failing cell. Upon determination that the failing cell has been repaired and is now again correctly functioning, the network redirection is no longer employed, such that the (formerly) failing cell again handles its own requests.

Abstract: A multi-tenant computing system provides services to a number of different tenant organizations. To address the problem of failure of portions of the system, the hardware infrastructure of the system is located at a number of different geographical locations. The various tenants are assigned to one of a set of “cells,” each cell corresponding to one of the geographical locations. Additionally, each cell has another one of the cells assigned to it as a backup cell, and the data of each cell is replicated within its assigned backup cell. At system run time, if a failure is detected within one of the cells, the network redirection is used within the multi-tenant system to reflect that the backup cell for the failing cell is now handling requests for the failing cell. Upon determination that the failing cell has been repaired and is now again correctly functioning, the network redirection is no longer employed, such that the (formerly) failing cell again handles its own requests.

Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider. For enhanced security, conformance to an organizational security policy is verified at time of sign-on, and an authenticatable link is used to invoke the third-party application to foil attempts by malicious software to substitute another application.

Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider. For enhanced security, conformance to an organizational security policy is verified at time of sign-on, and an authenticatable link is used to invoke the third-party application to foil attempts by malicious software to substitute another application.

Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider.

Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider.

Abstract: Techniques are provided for extracting view data from documents, where the data corresponds to an application-specific view and includes a plurality of components. Component data is identified within the view data and a view signature is generated for the view data that includes component signatures generated for each of the components on which the view data is comprised. Each component signature is generated based on the component data that corresponds to each component. The signatures generated are used to detect duplicates among the documents.