Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: Embodiments of the invention are disclosed for establishing single identity/single-sign on (SSO) on a cloud computing platform. In an embodiment, a user is validated to the cloud computing platform, and identifies a domain. After establishing that the user has control of the domain, the cloud computing platform configures a directory service for the domain. The user may then use the directory service on the cloud computing platform to log in to his or her computer, as well as software services hosted on the cloud computing platform.

Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Embodiments of the invention are disclosed for establishing single identity/single-sign on (SSO) on a cloud computing platform. In an embodiment, a user is validated to the cloud computing platform, and identifies a domain. After establishing that the user has control of the domain, the cloud computing platform configures a directory service for the domain. The user may then use the directory service on the cloud computing platform to log in to his or her computer, as well as software services hosted on the cloud computing platform.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.