Core Architecture Components
1. Identity Providers (IdPs) - The Foundation
- What they do: Authenticate users ("who are you?") and store core identity attributes
- Examples: Azure AD/Entra ID, Okta, Google Workspace, Auth0
- Your understanding: ✅ Correct - they aggregate identifiers and create the master user identity
2. Directory Sync/User Provisioning - The Plumbing
- What they do: Automatically create/update/delete user accounts across systems
- Protocols: SCIM, LDAP, proprietary APIs
- Your understanding: ✅ Correct - handles account lifecycle management
3. Single Sign-On (SSO) - The Front Door
- What they do: Enable seamless login across applications
- Protocols: SAML, OpenID Connect, OAuth 2.0
- Your understanding: ✅ Correct - handles authentication flow
The Missing Piece: Authorization & Permissions
Here's where it gets complex and where major gaps exist:
4. Authorization/Permissions Management - The Wild West
This is where your question about "defining permissions/roles across applications" hits the current pain point. The landscape is fragmented:
Current State:
- Most applications manage their own permissions internally
- No universal standard for cross-application role/permission sync
- Organizations end up with permission sprawl and inconsistent access
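As an added illustration that is not part of the reply above, the following Python sketch shows how the "plumbing" (section 2) and the authorization gap (section 4) meet in practice: a SCIM-style reconciliation that diffs the IdP's view of users against one application's accounts and emits create/replace/deactivate operations, translating IdP group names into that application's own role names through a per-application map. The user records, the `ROLE_MAP_TICKETING` mapping and the role names are constructed sample data, and `plan_sync`, `map_roles` and `to_scim` are hypothetical helper names; only the SCIM schema URNs and the User/PatchOp body shapes come from SCIM 2.0 (RFC 7643/7644).

```python
"""SCIM-style provisioning reconciliation (added example, constructed data).

Diff the IdP's users against one app's accounts and produce the operations
needed to bring the app in line. IdP groups are translated into the app's
own role names via a per-app map, since each app names roles differently.
No network calls; the bodies are what a SCIM 2.0 server would receive.
"""
from dataclasses import dataclass

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


@dataclass(frozen=True)
class IdpUser:            # the IdP's (source-of-truth) view of an identity
    external_id: str
    user_name: str
    email: str
    active: bool
    groups: frozenset     # group names exactly as the IdP exposes them


@dataclass(frozen=True)
class AppAccount:         # the application's current account record
    external_id: str
    user_name: str
    email: str
    active: bool
    roles: frozenset      # role names in the app's own vocabulary


def map_roles(groups, role_map):
    """Translate IdP groups into this app's role names. Groups the app has
    no mapping for contribute nothing, so unknown groups never grant access."""
    roles = set()
    for group in groups:
        roles.update(role_map.get(group, ()))
    return frozenset(roles)


def to_scim(user, roles):
    """SCIM 2.0 User body for a create (POST) or full replace (PUT)."""
    return {
        "schemas": [SCIM_USER],
        "externalId": user.external_id,
        "userName": user.user_name,
        "active": user.active,
        "emails": [{"value": user.email, "primary": True}],
        "roles": [{"value": r} for r in sorted(roles)],
    }


def plan_sync(idp_users, app_accounts, role_map):
    """Return (operation, externalId, body) triples that make the app match
    the IdP. Accounts the IdP no longer knows are deactivated rather than
    deleted, so audit history and ownership of their data survive."""
    ops = []
    by_ext = {a.external_id: a for a in app_accounts}
    seen = set()
    for user in idp_users:
        seen.add(user.external_id)
        roles = map_roles(user.groups, role_map)
        desired = to_scim(user, roles)
        current = by_ext.get(user.external_id)
        if current is None:
            if user.active:   # never create an account for an already-disabled identity
                ops.append(("create", user.external_id, desired))
            continue
        current_state = (current.user_name, current.email, current.active, current.roles)
        if current_state != (user.user_name, user.email, user.active, roles):
            ops.append(("replace", user.external_id, desired))
    for ext, acct in by_ext.items():
        if ext not in seen and acct.active:   # orphaned account: IdP has dropped it
            patch = {"schemas": [SCIM_PATCH],
                     "Operations": [{"op": "replace", "value": {"active": False}}]}
            ops.append(("deactivate", ext, patch))
    return ops


# Constructed sample data for a hypothetical ticketing app.
ROLE_MAP_TICKETING = {
    "eng": {"agent"},
    "eng-oncall": {"incident_responder"},
}
IDP_USERS = [
    IdpUser("u-100", "alice", "alice@example.com", True, frozenset({"eng", "eng-oncall"})),
    IdpUser("u-101", "bob", "bob@example.com", True, frozenset({"finance"})),   # no mapped role
    IdpUser("u-102", "carol", "carol@example.com", False, frozenset({"eng"})),  # disabled at IdP
]
APP_ACCOUNTS = [
    AppAccount("u-100", "alice", "alice@example.com", True, frozenset({"agent"})),  # missing on-call role
    AppAccount("u-103", "dave", "dave@example.com", True, frozenset({"agent"})),    # gone from the IdP
    AppAccount("u-102", "carol", "carol@example.com", True, frozenset({"agent"})),  # still active here
]

if __name__ == "__main__":
    for op, ext, body in plan_sync(IDP_USERS, APP_ACCOUNTS, ROLE_MAP_TICKETING):
        print(op, ext, body)
```

Two design points worth noting: the role translation lives in one per-application map rather than inside each app, which is the only way to keep cross-application access consistent when there is no shared standard for roles; and orphaned accounts are deactivated through a SCIM PatchOp instead of deleted, so a user who left (dave) loses access immediately while the record remains for audit.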