A company uses the following services and federation protocols to manage employee benefits:
- Health Care Administration (SAMLv2)
- Retirement Plan Administration (ID-FF1)
- Stock Plan Administration (WS-Federation)
The company itself acts as an Identity Provider, managing employee information in its corporate user database. The Identity Provider enables employees to access any of the three Service Providers through an employee portal. The Health Care Service Provider uses the SAMLv2 federation protocol. The Retirement Plan Service Provider uses ID-FF1, and the Stock Plan Service Provider uses WS-Federation. The Identity Provider is configured as a Multi-Federation Protocol Hub and provides single sign-on and single logout across all these services.
The following figure illustrates a typical Multi-Federation Protocol Hub process flow.
The following figure illustrates the process flow for Single Logout using the Multi-Federation Protocol Hub.
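The single-logout fan-out a hub has to perform, as an added example that is not part of the original documentation or any product's code: the hub records which protocol each Service Provider used at sign-on and sends each one the logout message of that protocol, keeping track of any provider that did not confirm. `HubSession`, `single_logout`, the `send` callback and the Service Provider names are hypothetical; the message names are the standard logout messages of each protocol.

```python
from dataclasses import dataclass, field

# Logout message the hub must emit per federation protocol.
LOGOUT_MESSAGE = {
    "SAMLv2": "samlp:LogoutRequest",
    "ID-FF1": "lib:LogoutRequest",
    "WS-Federation": "wa=wsignoutcleanup1.0",
}

@dataclass
class HubSession:
    """Identity Provider session shared by all federated Service Providers."""
    user: str
    # Service Provider name -> protocol the hub used for its single sign-on
    participants: dict = field(default_factory=dict)

    def record_sso(self, sp, protocol):
        # Refuse protocols the hub cannot log out of later; otherwise a
        # session would exist that single logout can never reach.
        if protocol not in LOGOUT_MESSAGE:
            raise ValueError(f"unsupported federation protocol: {protocol}")
        self.participants[sp] = protocol

def single_logout(session, send, initiator=None):
    """Propagate one logout to every Service Provider in the hub session.

    send(sp, message) is a hypothetical transport callback that returns
    True when the Service Provider confirms the logout.
    Returns (confirmed, failed). Providers in `failed` stay recorded in the
    session because they may still hold a live local session.
    """
    # The provider that started the logout already ended its own session.
    session.participants.pop(initiator, None)
    confirmed, failed = [], []
    for sp, protocol in list(session.participants.items()):
        try:
            ok = bool(send(sp, LOGOUT_MESSAGE[protocol]))
        except Exception:
            ok = False  # unreachable provider counts as not logged out
        if ok:
            confirmed.append(sp)
            del session.participants[sp]
        else:
            failed.append(sp)
    return confirmed, failed
```

A non-empty `failed` list is the case to surface to the user and to logs: the hub session is gone, but that Service Provider may still accept the employee's local session.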