About

Federation refers to technologies that enable Single Sign-On (SSO).

Federation allows the establishment of a trust between multiple domains, which can be used for authentication and authorization. The parties involved in federation are the Identity Provider (IdP) and Service Provider (SP). The IdP will perform the authentication and share the authentication information to the SP. There are two flows in federation – an IdP-initiated flow and a SP-initiated flow.

Users are authenticated by DTCC when they initially access MyDTCC. Federation is an alternative authentication method. When using federation, a user authenticates with their organization’s identity verification system (such as via Multi-Factor Authentication, or MFA) and then the browser is redirected to the DTCC website. The DTCC website recognizes the user. In other words, the user has been signed onto DTCC’s system using SSO based on the user’s authentication on the client organization systems. 

 

Benefits

Using SAML federation has many advantages, both for the client organization and DTCC.

  • Since their users’ credentials (password) are housed within their directories, client organizations can apply their policies to these artifacts, such as periodic rotation of passwords.
  • When a user leaves the client organization, deactivating a user within their directory removes the capability to issue SAML tokens (SAML assertions), effectively removing the user's access to DTCC applications
  • A client organization using SAML federation can tie SAML token issuance to their SSO system, making access to DTCC applications transparent while keeping control of who can access DTCC applications
  • With SAML federation, there is no need for a user to have a DTCC specific password. This is both more convenient and reduces risk of password compromise. 

 

Next Steps 

To request Federated SSO for your organization, please consult with an Administrator (Super Access Coordinator/Access Coordinator/Product Administrator) at your firm to submit a MyDTCC SAML/Federated Access support request. A list of your Administrators can be found on the MyDTCC home page by clicking on My Administrators, or please contact us.

  1. Login to MyDTCC.
  2. On the MyDTCC home page, click the Support tab.
  3. Click the Support Request tile. 
  4. Select MyDTCC SAML in the Product or Service dropdown.
  5. Select MyDTCC Federated Access for the topic and follow the additional prompts.
  6. Once complete, you will receive an email notification with your submission details.

 

 

F.A.Q. DTCC SAML Federation

October 31, 2023

SAML Federation Implementation Guide 2024

April 11, 2024

back to top