Abstract: Systems, methods, and storage media for abstraction and enforcement of protected resources in an identity infrastructure are disclosed. Exemplary implementations may: identify one or more protected resources for one or more identity domains of an identity infrastructure; receive, at the identity infrastructure, a dataflow pertaining to first identity data for a first identity domain; request the first identity session based at least in part on the first identity data; receive a request to access a first protected resource of the one or more protected resources; accept the first identity session by the first protected resource; and provide the first user access to the first protected resource.

Abstract: Systems, methods, and storage media for analyzing authentication and authorization requirements in an identity infrastructure are disclosed. Exemplary implementations may: intercept, at a server, a first request to access an application in the identity infrastructure; transmit, from the server, one or more of the first request and a modified version of the first request to the application; intercept, at the server, a response from the application, based at least in part on the transmission; and display, via at least one interface, an analysis of one or more of the first request, the modified version of the first request, and the response, wherein the analysis comprising determining requirements for application authentication and authorization requirements, identity protocol(s) and/or techniques utilized by the application, whether user-defined security requirements have been implemented, and/or whether application meets predetermined compliance standards.

Abstract: Systems, methods, and storage media for abstracting session information for an application in an identity infrastructure are disclosed. Exemplary implementations may: intercept, from a first computing device, a request to communicate with the application; send the request to the application from the second computing device; receive a response from the application at the second computing device; cache the one or more first cookies; remove the one or more first cookies from the response; create one or more second cookies; and transmit the response to the first computing device from the second computing device.

Abstract: Systems, methods, and storage media for analyzing authentication and authorization requirements in an identity infrastructure are disclosed. Exemplary implementations may: intercept, at a server, a first request to access an application in the identity infrastructure; transmit, from the server, one or more of the first request and a modified version of the first request to the application; intercept, at the server, a response from the application, based at least in part on the transmission; and display, via at least one interface, an analysis of one or more of the first request, the modified version of the first request, and the response, wherein the analysis comprising determining requirements for application authentication and authorization requirements, identity protocol(s) and/or techniques utilized by the application, whether user-defined security requirements have been implemented, and/or whether application meets predetermined compliance standards.

Abstract: A system for controlling user access to an application is disclosed, where the system is configured to receive a request to access the application from a user, the application associated with an identity provider and a datastore; route the request to an intermediary; redirect the request to an identity provider for authentication; authenticate a user with the application based on receiving application identity information at the identity provider; generate a temporary user credential at the intermediary; provide the request along with the temporary user credential to the application; capture a backchannel request from the application to the datastore; confirm that the temporary user credential matches the one previously generated; send confirmation to the application that the temporary user credential enables user access to the application; send communication from the application to the user granting the user access to the application.

Abstract: Systems, methods, and storage media for synchronizing identity information across identity domains in an identity infrastructure are disclosed. Exemplary implementations may: identify at least one of first identity data and first identity metadata in a first identity domain; identify at least one of second identity data and second identity metadata in a second identity domain; receive a request to change the at least one of the first identity data and the first identity metadata for at least one user; and update the at least one of second identity data and second identity metadata for the at least one user based on the request to change the at least one of the first identity data and the first identity metadata for the at least one user.

Abstract: A system, apparatus, and method for policy management is provided. The system, apparatus, and method provide a universal policy management solution to unify multiple bespoke systems to enable management of access and other policies in distributed and/or heterogeneous environments. The system, apparatus, and method uses or may be referred to as Identity Query Language or “IDQL.” Policies and user access are defined centrally, and these policies are distributed out to the various bespoke systems. This distribution is aided by a policy gateway, or orchestrator, which acts as a policy mapper and/or API wrapper which accepts IDQL policy configurations, maps them to an imperative identity system, and carries out the IDQL command in the identity systems' native API calls.

Abstract: Systems, methods, and storage media for controlling identity information across multiple identity domains in a distributed identity infrastructure are disclosed. Exemplary implementations may: transmit first identity information from a first identity domain to an identity information control system; use the identity information control system to translate the first identity information from the first format to a second format and from the second format to a third format; send the first identity information in the third format from the identity information control system to a second identity domain; and replace second identity information in the second identity domain with the first identity information.

Abstract: Systems, methods, and storage media for migrating identity information across identity domains in an identity infrastructure are disclosed. Exemplary implementations may: receive a login request from a first user in a first identity domain; extract, from the login request, identity data, wherein the identity data comprises at least one of a user identifier and user credentials information associated with the first user; identify one or more credential verification resources in the first identity domain; verify at least one of the user identifier and user credentials information for the first user; identify one or more other identity domains, including at least a second identity domain, in the identity infrastructure, wherein the first user is an unmigrated user in the second identity domain; request additional identity data for the first user from the first identity domain; and create a user profile for the first user in the second identity domain.

Abstract: Systems, methods, and storage media for synchronizing identity information across identity domains in an identity infrastructure are disclosed. Exemplary implementations may: identify at least one of first identity data and first identity metadata in a first identity domain; identify at least one of second identity data and second identity metadata in a second identity domain; receive a request to change the at least one of the first identity data and the first identity metadata for at least one user; and update the at least one of second identity data and second identity metadata for the at least one user based on the request to change the at least one of the first identity data and the first identity metadata for the at least one user.

Abstract: Systems, methods, and storage media for controlling identity information across multiple identity domains in a distributed identity infrastructure are disclosed. Exemplary implementations may: transmit first identity information from a first identity domain to an identity information control system; use the identity information control system to translate the first identity information from the first format to a second format and from the second format to a third format; send the first identity information in the third format from the identity information control system to a second identity domain; and replace second identity information in the second identity domain with the first identity information.

Abstract: Systems, methods, and storage media for abstraction and enforcement of protected resources in an identity infrastructure are disclosed. Exemplary implementations may: identify one or more protected resources for one or more identity domains of an identity infrastructure; receive, at the identity infrastructure, a dataflow pertaining to first identity data for a first identity domain; request the first identity session based at least in part on the first identity data; receive a request to access a first protected resource of the one or more protected resources; accept the first identity session by the first protected resource; and provide the first user access to the first protected resource.

Abstract: Systems, methods, and storage media for assessment of identity resources in an identity infrastructure are disclosed. Exemplary implementations may: assess the identity infrastructure with at least one discovery agent element; identify, by the at least one discovery agent element, one or more infrastructure elements within the identity infrastructure; intercept, by the at least one discovery agent element, first network traffic in the identity infrastructure; assess, by the at least one discovery agent element, at least one of a status and a structure of the identity infrastructure; and report, by the at least one discovery agent element, at least one of the status and the structure of the identity infrastructure to one or more of an administrator and a centralized server.

Abstract: Systems, methods, and storage media for management of identity systems in an identity infrastructure are disclosed. Exemplary implementations may: install a discovery agent in the identity infrastructure; assess the identity infrastructure by the discovery agent; install an identity fabric in the identity infrastructure based on the assessing; receive, at the identity infrastructure, one or more data flows pertaining to identity data or identity metadata for at least one identity domain/system; manage, by a controller element, control plane operations across one or more elements or agents; manage, by at least one of the agents, the one or more data flows; detect and monitor, by the one or more elements or agents, at least one event linked to the one or more data flows; and assess the identity data or metadata and an associated state across the identity domains in the identity infrastructure based on the detecting and monitoring.