The current state of identity within an enterprise extends well beyond single-sign-on. Many aspects of enterprise identity are covered by specifications inside and outside of the OIDF community: OpenID Connect, Shared Signals, OAuth 2.0, SCIM, and more.

These specifications enable a wide range of capabilities – many of which go beyond the minimum requirements for enterprise and include features that are irrelevant in that context. Importantly, they are often frameworks that contain significant levels of optionality, reducing the likelihood that independent implementations will interoperate.

This Work Group will develop profiles of existing specifications with a primary goal of achieving interoperability between independent implementations. It will do this while prioritizing secure defaults.

The initial problem space focuses on:

• Single Sign-On
• User Lifecycle Management
• Entitlements
• Risk Signal Sharing
• Logout
• Token Revocation

It may also address problems, like: 

• Discoverability of specific features within the above capabilities
• New user onboarding and account recovery
• Discovering the application used within an enterprise
• Monitoring and provisioning application usage
• Managing restrictions on application usage

Those interested in joining this Work Group are encouraged to join the Mailing List.