Abstract: An identity management system detects the occurrence of a trigger event, such as a time period expiration, or an action on the identity management system. The identity management system accordingly generates a new password for an account of a user on a third-party service and causes the account of the user on the third-party service to use the new password. The identity management system may also use a mobile device management system to configure a client of the user with the new password.
Type:
Grant
Filed:
May 27, 2015
Date of Patent:
December 26, 2017
Assignee:
Okta, Inc.
Inventors:
Hector Aguilar-Macias, Reman P. Child, Xin Gu, Jonathan R. Todd, Thomas M. Belote
Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identity provider.
Type:
Grant
Filed:
May 4, 2015
Date of Patent:
January 17, 2017
Assignee:
Okta, Inc.
Inventors:
Thomas M. Belote, Hassen Karaa, Christine Wang, Vinoth Jayaraman
Abstract: An on-premise software application (“OPA”) is communicated with according to an action received from outside a firewall. The action concerns user account information maintained by the OPA. The OPA is installed on a device located inside the firewall. The action is received from a management server located outside the firewall. The action includes a portion that adheres to a standardized format. An OPA interface request is generated based on the action. The OPA interface request includes the standardized portion. The OPA interface request is sent to an agent/OPA interface.
Type:
Grant
Filed:
December 4, 2013
Date of Patent:
November 17, 2015
Assignee:
Okta, Inc.
Inventors:
Christopher Barbara, RaghuRam Pamidimarri
Abstract: Updating integration metadata in a system includes determining at a services management platform that a service provider software code has changed in a manner that affects a canonical feature provided by the service management platform with respect to a service of the service provider to end users, wherein the canonical feature is provided at least in part by interacting with the service provider on the behalf of a user; and implementing at the services management platform, with respect to at least a subset of users, an accommodation that enables the canonical feature to be provided subsequent to the service provider software code having been changed.
Abstract: A check-in communication is received from an agent running inside a firewall via a permitted firewall communication channel. The check-in communication is received via the permitted firewall communication channel without modifying a firewall configuration. The check-in communication is responded to with an instruction to be performed by the agent running inside the firewall, where the response is via the permitted firewall communication channel.
Abstract: A method for operating a distributed data management and control enclave comprises providing a policy that identifies a set of data to be managed and controlled. The policy further identifies devices upon which the data may be transferred and the conditions under which that data may be transferred to the identified devices. A first data management and control system to be used on a first device is then defined in the policy. A second management and control system to be used on a second device is then defined in the policy. The second data management and control system can be distinct from the first data management and control system. The specified data management and control system is then instantiated on a device. The specified data management and control system is then used to manage and control data on the device in accordance with the policy.
Abstract: A request is received for a service provider to perform an action associated with a canonical feature. Metadata associated with the service provider is used to interact with the service provider in a way that causes the service provider to perform the action.
Abstract: Updating integration metadata in a multi-tenant system includes determining at a multi-tenant services management platform that a service provider software code has changed in a manner that affects a canonical feature provided by the multi-tenant service management platform with respect to a service of the service provider to end users associated with one or more tenants of the multi-tenant services management platform, wherein the canonical feature is provided at least in part by interacting with the service provider on the behalf of a user; and implementing at the multi-tenant services management platform, with respect to at least a subset of said one or more tenants, an accommodation that enables the canonical feature to be provided subsequent to the service provider software code having been changed.
Abstract: A check-in communication is received from an agent running inside a firewall via a permitted firewall communication channel. The check-in communication is received via the permitted firewall communication channel without modifying a firewall configuration. The check-in communication is responded to with an instruction to be performed by the agent running inside the firewall, where the response is via the permitted firewall communication channel.
Abstract: An on-premise software application (“OPA”) is communicated with according to an action received from outside a firewall. The action concerns user account information maintained by the OPA. The OPA is installed on a device located inside the firewall. The action is received from a management server located outside the firewall. The action includes a portion that adheres to a standardized format. An OPA interface request is generated based on the action. The OPA interface request includes the standardized portion. The OPA interface request is sent to an agent/OPA interface.
Type:
Application
Filed:
December 4, 2013
Publication date:
April 3, 2014
Applicant:
Okta, Inc.
Inventors:
Christopher Barbara, RaghuRam Pamidimarri
Abstract: A request is received for a service provider to perform an action associated with a canonical feature. Metadata associated with the service provider is used to interact with the service provider in a way that causes the service provider to perform the action.