Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify configuration information to be used by an on-premise access management service to provide authentication services to applications by users. The processor may also transform the identified configuration information into a transformed set of configuration information to be used by a cloud-based access management service to provide authentication services to the applications by users. In addition, the processor may store the transformed set of configuration information for use by the cloud-based access management service to provide authentication services to the applications by users to migrate authentication of the users from the on-premise access management service to the cloud-based access management service.

Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify configuration information to be used by an on-premise access management service to provide authentication services to applications by users. The processor may also transform the identified configuration information into a transformed set of configuration information to be used by a cloud-based access management service to provide authentication services to the applications by users. In addition, the processor may store the transformed set of configuration information for use by the cloud-based access management service to provide authentication services to the applications by users to migrate authentication of the users from the on-premise access management service to the cloud-based access management service.

Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify configuration information to be used by an on-premise access management service to provide authentication services to applications by users. The processor may also transform the identified configuration information into a transformed set of configuration information to be used by a cloud-based access management service to provide authentication services to the applications by users. In addition, the processor may store the transformed set of configuration information for use by the cloud-based access management service to provide authentication services to the applications by users to migrate authentication of the users from the on-premise access management service to the cloud-based access management service.

Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify configuration information to be used by an on-premise access management service to provide authentication services to applications by users. The processor may also transform the identified configuration information into a transformed set of configuration information to be used by a cloud-based access management service to provide authentication services to the applications by users. In addition, the processor may store the transformed set of configuration information for use by the cloud-based access management service to provide authentication services to the applications by users to migrate authentication of the users from the on-premise access management service to the cloud-based access management service.

Abstract: According to examples, an apparatus may include a processor that may access a request for access by an application to a resource and may record the request in a data store. The processor may also identify an authorized entity to evaluate the request and output a notification to the authorized entity to evaluate the request, in which the authorized entity is to evaluate the request asynchronously with submission of the request by the application. In addition, the processor may determine whether a response is received from the authorized entity and, based on a determination that the response is received, may reject or grant the request based on the response and clear the record of the request from the data store.

Abstract: According to examples, an apparatus may include a processor that may access a request for access by an application to a resource and may record the request in a data store. The processor may also identify an authorized entity to evaluate the request and output a notification to the authorized entity to evaluate the request, in which the authorized entity is to evaluate the request asynchronously with submission of the request by the application. In addition, the processor may determine whether a response is received from the authorized entity and, based on a determination that the response is received, may reject or grant the request based on the response and clear the record of the request from the data store.

Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify configuration information to be used by an on-premise access management service to provide authentication services to applications by users. The processor may also transform the identified configuration information into a transformed set of configuration information to be used by a cloud-based access management service to provide authentication services to the applications by users. In addition, the processor may store the transformed set of configuration information for use by the cloud-based access management service to provide authentication services to the applications by users to migrate authentication of the users from the on-premise access management service to the cloud-based access management service.

Abstract: According to examples, an apparatus may include a processor that may access a request for access by an application to a resource and may record the request in a data store. The processor may also identify an authorized entity to evaluate the request and output a notification to the authorized entity to evaluate the request, in which the authorized entity is to evaluate the request asynchronously with submission of the request by the application. In addition, the processor may determine whether a response is received from the authorized entity and, based on a determination that the response is received, may reject or grant the request based on the response and clear the record of the request from the data store.

Abstract: The automatic troubleshooting of failed single sign on attempts via an identity provider to a service provider. When an error message is encountered due to that failed single sign on attempt, that error message is used to automatically identify a root cause of the failure of the single sign on attempt. In some embodiments, a resolution of the failure is also identified, and a tool for the resolution automatically provided to the user. Such failures in single sign on attempts usually are due to improper configuration information being provided to the identity provider. The principles described herein allow a user to test ahead of time whether they have provided proper configuration information to the identity provider, and potentially correct any problems in the single sign on experience in advance, perhaps well in advance of actually needing a resource provided by the service provider.

Abstract: The automatic troubleshooting of failed single sign on attempts via an identity provider to a service provider. When an error message is encountered due to that failed single sign on attempt, that error message is used to automatically identify a root cause of the failure of the single sign on attempt. In some embodiments, a resolution of the failure is also identified, and a tool for the resolution automatically provided to the user. Such failures in single sign on attempts usually are due to improper configuration information being provided to the identity provider. The principles described herein allow a user to test ahead of time whether they have provided proper configuration information to the identity provider, and potentially correct any problems in the single sign on experience in advance, perhaps well in advance of actually needing a resource provided by the service provider.