Relying Parties
A Relying Party (RP) is an application, service, or system that relies on an Identity Provider (IdP) to authenticate and verify digital identities. Relying parties can be classified as first-party or third-party.
First-Party RP
A first-party RP operates within the same ecosystem as its identity provider, with both managed by the same organization.
Key Characteristics:
User consent may not always be explicitly required, as both the RP and IdP are controlled by the same organization. Consent is often implied through agreements such as employment contracts or terms of service.
Examples:
The Future Platform Self-Service application (RP) authenticates users through an organization-managed Identity Provider.
The HR application (RP) authenticates employees using corporate email accounts or badges via an identity provider managed by the organization (e.g., Microsoft Entra ID, Google Workspace).
The university grading portal (RP) authenticates students and faculty using university-managed credentials (e.g., Microsoft Entra ID for Education, Google Workspace Education).
Third-Party RP
A third-party RP depends on identity providers managed by a different organization, outside its own ecosystem.
Key Characteristics:
Explicit user consent is always required, as the RP relies on an external service to authenticate users and access their data (e.g., email, profile).
Consent is typically obtained through the external identity provider’s consent screen before any data is shared with the RP.
Examples:
The customer-facing application (RP) allows users to log in using credentials from services like GitHub or Facebook and access profile information.
The e-commerce webshop (RP) lets users log in using Google or Apple ID credentials and retrieve profile data.
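The consent rules for both categories, seen from the IdP's side, as an added example (not code from this documentation or from any product it names): the RP's category is derived from the owner recorded at registration rather than from anything in the login request, and claims are released only for scopes that consent covers. IDP_ORG, the RelyingParty fields, the implied_consent flag, the scope-to-claims map and the sample clients and user are assumptions constructed for illustration.

```python
from dataclasses import dataclass

IDP_ORG = "example-corp"  # constructed: the organization that operates the IdP
# Constructed mapping from requested scopes to the user claims they expose.
SCOPE_CLAIMS = {"email": {"email"}, "profile": {"name", "picture"}}

@dataclass(frozen=True)
class RelyingParty:
    client_id: str
    owner_org: str                 # recorded by the IdP operator at registration
    implied_consent: bool = False  # e.g. covered by employment contract or ToS

    @property
    def first_party(self) -> bool:
        # Category comes from registration data, never from the request itself.
        return self.owner_org == IDP_ORG

def needs_consent_screen(rp, requested, granted):
    """Scopes the user must still approve on the IdP's consent screen."""
    data_scopes = set(requested) & set(SCOPE_CLAIMS)
    if rp.first_party and rp.implied_consent:
        return set()               # consent implied by an existing agreement
    return data_scopes - set(granted)  # third party: explicit approval needed

def releasable_claims(rp, requested, granted, user):
    """Claims the IdP may hand to the RP now; nothing for unapproved scopes."""
    pending = needs_consent_screen(rp, requested, granted)
    allowed = (set(requested) & set(SCOPE_CLAIMS)) - pending
    names = set().union(*(SCOPE_CLAIMS[s] for s in allowed))
    return {k: v for k, v in user.items() if k in names}

# Constructed sample data.
HR_APP = RelyingParty("hr-app", "example-corp", implied_consent=True)
WEBSHOP = RelyingParty("webshop", "other-shop-inc")
USER = {"email": "alice@example.com", "name": "Alice",
        "picture": "https://example.com/a.png", "employee_id": "E123"}

if __name__ == "__main__":
    for rp in (HR_APP, WEBSHOP):
        kind = "first-party" if rp.first_party else "third-party"
        print(rp.client_id, kind,
              "prompt for:", sorted(needs_consent_screen(rp, ["email", "profile"], [])),
              "release:", releasable_claims(rp, ["email", "profile"], [], USER))
```

A claim such as employee_id that is not tied to any requested scope is never released to either kind of RP.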