Abstract: An account provisioning manager is disclosed. A placeholder account is generated with a primary work set attribute and a plurality of enhanced work set attributes. Initially, the primary work set attribute is populated with data to convert the placeholder account into an onboarded operating account. Subsequently, the plurality of enhanced work set attributes are populated via data propagation into the onboarded operating account, wherein an enhanced work set attribute of the plurality of enhanced work set attributes is selectively populated in response to a trigger for the onboarded operating account.

Abstract: A method performed by a computing system comprises accessing group subscription data that is associated with a user and identifies a plurality of different groups, each group being hosted by a corresponding client system. The group subscription data indicates that the user is subscribed to receive resource updates from the plurality of different groups. An aggregated set of resource updates is generated by aggregating resource updates associated with resources in the plurality of different groups. An integrated view renders the aggregated set of resource updates and includes an action user input mechanism representing a computing action to be performed in a corresponding one of the groups associated with at least one resource update. Based on user actuation of the action user input mechanism, a machine instruction instructs the client system, that hosts the corresponding group, to perform the computing action.

Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a user credential from a terminal, in which the user credential is stored in a machine-readable code on a user device and the terminal obtained the machine-readable code from the user device. The processor may also identify at least one authentication factor associated with the user based on the user credential, in which the authentication factor(s) includes a physical location associated with the user and/or a time-based factor. The processor may further determine whether the authentication factor(s) indicates that the user is to be granted access to the terminal and based on a determination that the authentication factor(s) indicates that the user is to be granted access to the terminal, may grant the user access to the terminal.

Abstract: A computing system includes a processor and memory storing instructions executable by the at least one processor. The instructions, when executed, provide a user interface component that receives an indication of an external user with which to share an item of electronic content, a link generation component that generates a link to share the item of electronic content and identifies a communication endpoint associated with the external user, and an access control component that receives a request to access the item of electronic content using the link and, in response to the request, generates an access code that is communicated to the communication endpoint associated with the external user. The user interface component receives an access input, and the access control component grants access to the item of electronic content based on a determination that the access input includes the access code communicated to the communication endpoint associated with the external user.

Abstract: Authenticating an E-tournament identity using personal identity credentials. A method includes determining that a gaming device is configured for use in an E-tournament. The method further includes receiving from the device, user personal identity credentials. As a result, the method further includes, signing in to an E-tournament identity using the personal identity credentials.

Abstract: The automatic selection of an identity provider to be used to authenticate users when requesting to access network resources for a tenant. The authentication is initiated by checking the username against the directory of the tenant. If that check results in finding an entry for the username in that directory, the entry is checked for an identity provider. If that check results in finding an identity provider, the user is directed to that found identity provider for authentication. Thus, in many, most, or all cases, an identity provider is found and selected for authentication of the user without the user having to manually select the identity provider. The username may be an internal user of an entity. The selection of the identity provider works in either case since there would still be an entry for that user in the directory of the tenant.

Abstract: Authenticating an E-tournament identity using personal identity credentials. A method includes determining that a gaming device is configured for use in an E-tournament. The method further includes receiving from the device, user personal identity credentials. As a result, the method further includes, signing in to an E-tournament identity using the personal identity credentials.

Abstract: A method and system performed by a computing system for signing in using personal identifiers input via a sign-in portal that supports multiple tenants is provided. The system receives a sign-in request for a user that includes a personal identifier. The personal identifier uniquely identifies a person but does not include an identification of a tenant. The system performs a verification based on the personal identifier to authenticate the user. The system identifies, from a mapping, a tenant to which the personal identifier is mapped. The mapping maps personal identifiers of users to tenants. The system retrieves, from a user store for the tenant, user information relating to the user. The system then creates a security token based on the user information. If verification of the user was successful, the system sends the security token to the sign-in portal as evidence that the user has been authenticated.

Abstract: A method performed by a computing system comprises accessing group subscription data that is associated with a user and identifies a plurality of different groups, each group being hosted by a corresponding client system. The group subscription data indicates that the user is subscribed to receive resource updates from the plurality of different groups. An aggregated set of resource updates is generated by aggregating resource updates associated with resources in the plurality of different groups. An integrated view renders the aggregated set of resource updates and includes an action user input mechanism representing a computing action to be performed in a corresponding one of the groups associated with at least one resource update. Based on user actuation of the action user input mechanism, a machine instruction instructs the client system, that hosts the corresponding group, to perform the computing action.

Abstract: A user interface provides mechanisms for a user to select resources from a plurality of different groups, across clients. Updates from all of the selected resources are aggregated and displayed to the user, across clients, in an integrated view.

Abstract: The automatic selection of an identity provider to be used to authenticate users when requesting to access network resources for a tenant. The authentication is initiated by checking the username against the directory of the tenant. If that check results in finding an entry for the username in that directory, the entry is checked for an identity provider. If that check results in finding an identity provider, the user is directed to that found identity provider for authentication. Thus, in many, most, or all cases, an identity provider is found and selected for authentication of the user without the user having to manually select the identity provider. The username may be an internal user of an entity. The selection of the identity provider works in either case since there would still be an entry for that user in the directory of the tenant.

Abstract: A computing system includes a processor and a data store coupled to the processor. The computing system is configured to provide access to electronic content stored in the data store. A user interface component is configured to receive an indication of an external user with which to share an item of electronic content. A link generation component is configured to generate a link to share the item of electronic content. An access control component is configured to receive a request to access the item of electronic content using the link, and responsively generate an access code that is communicated to a known endpoint associated with the link. The user interface component is configured to receive a user input containing a user-entered access input. The access control component is configured to selectively grant access to the item of electronic content based on whether the user-entered access input matched the access code communicated to the known endpoint associated with the link.

Abstract: A method and system performed by a computing system for signing in using personal identifiers input via a sign-in portal that supports multiple tenants is provided. The system receives a sign-in request for a user that includes a personal identifier. The personal identifier uniquely identifies a person but does not include an identification of a tenant. The system performs a verification based on the personal identifier to authenticate the user. The system identifies, from a mapping, a tenant to which the personal identifier is mapped. The mapping maps personal identifiers of users to tenants. The system retrieves, from a user store for the tenant, user information relating to the user. The system then creates a security token based on the user information. If verification of the user was successful, the system sends the security token to the sign-in portal as evidence that the user has been authenticated.

Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.

Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.

Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.

Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.

Abstract: Systems, methods, and computer-readable storage media are provided for discovering and disambiguating identity providers such that user knowledge of appropriate identity providers is minimized. Users are presented with options for selecting appropriate providers only when multiple providers have user profiles matching a user identifier. When users are presented with options for selecting appropriate providers, providers that have user profiles matching the identifier are identified utilizing identity information for the application that utilizes the identity provider for its users rather than information identifying the identity provider itself.

Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.

Abstract: A method for sign-on and sign-out for a computer system. The method includes receiving a first sign-on request for the computer system and obtaining, from the first sign-on request, a first user identifier where the first user identifier corresponds to a first user for the computer system. The method then includes obtaining, from the first sign-on request, a first uniform resource locator (URL) and determining whether the first URL includes a first root name for the computer system. When a determination is made that the first URL includes the first root name for the computer system a first cookie associated with the first user is issued and a first sub-domain name is obtained from the first URL. Also, a second cookie may be issued associated with the first sub-domain name and, when the first cookie and the second cookie are issued, the first user may sign-on to the computer system. In one or more embodiments, the method may include receiving a sign-out request.