US Patent 10205717 Virtual machine logon federation

Systems and methods are described for providing federated access to end-users of virtual machines. The method includes receiving a request from a user to access a resource outside of the user's original security domain. The user's existing security credentials are forwarded to an authentication entity, which determines if the user's credentials are authentic. If it is determined that the user's credentials are authentic, the user's target identity provider generates a security token that provides the virtual machine user with access to the resource, the resource residing in an external security domain. The user may log on to the virtual machine with access to the desired resource, subject to the privileges identified in the security token.